Block Certain Fields in the User Record for Orgs with Communities and Portals (Security Alert and Critical Update, Enforced)

Salesforce is giving customers the option to enable a user setting that allows the hiding of certain personal information fields on the user records in orgs with communities or portals. The fields are hidden from view when external users are accessing user records. External users can still see their own user records. This change doesn’t apply to queries running in System Mode.

Where: This change applies to all orgs with communities or portals.

How: Salesforce is introducing an org setting that allows for the hiding of other users' personal information in pages showing the user record to external user profiles, and in SOSL and SOQL queries that run as external users.

The affected fields are
  • Alias
  • EmployeeNumber
  • FederationIdentifier
  • SenderEmail
  • Signature
  • Username
  • Division
  • Title
  • Department
  • Extension
Admins can enable the setting Hide Personal Information for the org under User Management Settings. After enabling the setting, searches on user records don't show the affected fields of other users to external users.
Important

Important

Enabling the Hide Personal Information setting is a Salesforce security best practice.
Test any changes in a sandbox environment before introducing it in production.
Tip

Tip

This update is both a critical update and a security alert, and appears in both the Critical Update Console and the Security Alerts page in Setup. To ensure a smooth transition, follow the step-by-step recommendations on the Security Alerts page.