Field level security with managed package

  • 1
  • Question
  • Updated 7 months ago
  • In Progress

We are an AppExchange partner and we use Skuid for our app development.

We are getting some complaints from customers which have set up their own profiles that they get a Skuid error on pages for fields in standard objects that the users don't have permissions on. My understanding was that Skuid implements Field-level security and I would expect that when a page is loaded with a field the user does not have permissions to the field would simply not be shown. Instead the user gets an error on top of the page and the field is not visible. I have check if there are settings for this on rendering the field, but I did not find a solution.

Any help on this would be appreciated.

Photo of Yair

Yair

  • 130 Points 100 badge 2x thumb

Posted 7 months ago

  • 1
Photo of Zach McElrath

Zach McElrath, Employee

  • 53,432 Points 50k badge 2x thumb
Yair, end-users should only see red page problems if the users have Edit rights on the Skuid Page object. I would double check the Profile / Permission Sets assigned to the users to make sure that they do NOT have Edit rights on the Skuid Page object. You are correct that the Skuid forms / tables should just hide the fields that the user does not have Field Level Security access to, these components should gracefully hide nonessential fields.
Photo of Yair

Yair

  • 130 Points 100 badge 2x thumb
Hi Zack, I did some more testing on a test org and that is correct execpt when the user has the profile Skuid was installed to. I installed skuid in that org for system administrators only and when i remove all the premision sets except page user the user still gets the error and can still edit the page. Even when i remove all the Permission sets and the licence from the user i can access the pages and get the error. i also see the edit option of the page but when i click on it i get an error