Block Certain Fields in the User Record for Orgs with Communities and Portals (Previously Released Security Alert and Update, Enforced)

Salesforce is giving customers the option to enable a user setting that allows the hiding of certain personal information fields on the user records in orgs with communities or portals. The fields are hidden from view when external users are accessing user records. External users can still see their own user records. This change doesn’t apply to queries running in System Mode.

Where: This change applies to all orgs with communities or portals.

When: This update was activated automatically on January 5, 2020 in production orgs.

How: Salesforce is introducing an org setting that allows for the hiding of other users' personal information in pages showing the user record to external user profiles, and in SOSL and SOQL queries that run as external users.

The affected fields are
  • Alias
  • EmployeeNumber
  • FederationIdentifier
  • SenderEmail
  • Signature
  • Username
  • Division
  • Title
  • Department
  • Extension
Admins can enable the setting Hide Personal Information for the org under User Management Settings. After enabling the setting, searches on user records don't show the affected fields of other users to external users.


Enabling the Hide Personal Information setting is a Salesforce security best practice.


This update is both an update and a security alert, and appears in both the Release Updates node and the Security Alerts page in Setup. To ensure a smooth transition, follow the step-by-step recommendations on the Security Alerts page.