Enforce Field-Level Security for All Flow Operations

For most operations, a flow is only as powerful as the user who’s running it. So if the user doesn’t have edit access to one of the fields, the flow fails, and you receive an email with details about why it failed. For Fast Create and Fast Update elements, you choose whether to enforce field-level security or ignore inaccessible fields. This change applies to both Lightning Experience and Salesforce Classic.

To control the behavior, toggle the Filter Inaccessible Fields from Flow Requests preference on the Process Automation Settings page in Setup. If your org was created in Winter ’17 or earlier, the preference is enabled by default; otherwise, the preference is disabled by default.

Warning

Warning

If you change your org’s selection for this preference, use a sandbox to test how the change impacts your flows. Consider following the same process as you would for a critical update.

When Filter Inaccessible Fields from Flow Requests is
Selected Not Selected (Recommended)
Result when the running user doesn’t have edit access to all fields The operation partially succeeds.

The flow filters read-only fields out of the operation. The fields that the user can edit are updated. The fields that the user can’t edit aren’t updated. The flow doesn’t execute the fault path.

The operation fails.

No fields in the operation are updated. The flow executes the fault path if there is one.

Notification when one or more fields aren’t updated No notification is sent to the user or admin to indicate that some fields weren’t updated. The admin receives a flow error email with full details.
Compared to Record Create and Record Update elements Inconsistent Consistent

Example

Using a Fast Update element, a flow updates several fields on an opportunity. At runtime, the flow tries to update the Acme account on behalf of your user. The user can edit Stage and Close Date but not Amount. As a result, the flow doesn’t have permission to update Amount.
  • If Filter Inaccessible Fields from Flow Requests is selected, the flow successfully updates the account, but it only updates Stage and Close Date. The flow doesn’t notify anybody that Amount wasn’t updated.
  • If Filter Inaccessible Fields from Flow Requests is not selected, the flow fails to update the account. The admin receives a flow error email. The email includes this error.

    INVALID_FIELD_FOR_INSERT_UPDATE: Unable to create/update fields: Amount

    That's API-speak for “The running user doesn’t have permission to edit the Amount field.”