Introduction
You come across various types of data from product names and numbers to customer names and account numbers. The information collected and how it is handled can vary from project to project or company to company. Additionally, if there are integrated systems in place, the complexity increases. In this post, we won't discuss how you should handle sensitive information such as personal information. However, I'll give you a rough idea of how you can handle it in Salesforce.
Encrypted or Security Field
Creating encrypted fields allows you to protect sensitive data from unauthorized users. When you create an encrypted field, the values are masked. To view the original values of the masked data, you can grant the "View Encrypted Data" permission to specific users.
Depending on the field's purpose, you can configure the desired format even when it's masked.
- Encrypted fields are encrypted with a 128-bit master key using the Advanced Encryption Standard (AES) algorithm. The master encryption key can be archived, deleted, and retrieved. To enable master encryption key management, you need to contact Salesforce.
- While you can use encrypted fields in email templates, the values are always masked regardless of whether the user has the View Encrypted Data permission.
- If a user has the View Encrypted Data permission and has granted login access to another user, that user can view the encrypted fields in plaintext.
- When a record is cloned, the values of its encrypted fields are cloned only if the user has the View Encrypted Data permission.
- The `<apex:outputField>` component is the only one supported for displaying encrypted fields on Visualforce pages.
- When using Visualforce email templates or calling Visualforce pages using getContent or getContentAsPDF requests, the values of encrypted fields are always masked, regardless of whether the user has the View Encrypted Data permission. Masking applies both during Apex execution and in the generated Visualforce markup.
Encrypted Field Creation
Setup -> Object Manager -> the targeted object -> Fields & Relationships -> New
Result
I put values in each field to test.
You can see the original value on the left and encrypted values on the right.
You still see encrypted values even when you go into the edit mode.
View Encrypted Data Permission Grant
Setup -> Permission Sets -> New
Manage Assignments -> Add Assignment
Now you see original values with the permission you granted.
Encrypt Fields Vs. Hide Fields from Layouts
If the information is sensitive, it should indeed be hidden on the layouts. However, there are clear distinctions between these two:
- Sensitive information that requires encryption for storage -> Encryption is necessary.
- Information is sensitive, and authorized users need to view it -> Encryption is required.
- Only needs to be hidden from regular users -> Remove from layouts.
- Can be displayed on the screen but should not be editable -> Expose as read-only or use formulas to display.
Considerations
- Cannot have an external ID or default value.
- Cannot be used to map leads to other objects.
- Limited to 175 characters due to the encryption algorithm.
- Cannot be used in filters, such as list views, reports, roll-up summary fields, and rule filters.
- Cannot define report criteria but can be included in report results.
- Not searchable but can be included in search results.
- Not available for Connect Offline, Salesforce for Outlook, lead conversion, workflow rule criteria or formulas, formula fields, outbound messages, defaults, and Web-to-Lead or Web-to-Case forms.
- Encrypted fields are editable regardless of View Encrypted Data permission.
- To prevent editing of encrypted fields, you can use validation rules, field-level security, or page layout settings.
- Encrypted field values appear unmasked in debug logs only when the user servicing the Apex request has the View Encrypted Data permission.
- To encrypt the values of existing (unencrypted) fields, export the data, create an encrypted custom field to store the data, and import the data into the new encrypted field.
- The mask type is not an input mask: it does not check that the entered data matches the mask type, so you need to enforce the format yourself with validation.
- Encrypt fields only when it is necessary.
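A pre-import check for the export-and-reimport migration described in the list above, as an added example that is not from the original post: it flags exported values that exceed the 175-character limit or do not match the intended format, since the mask type itself validates nothing. The column names, the sample rows and the NNN-NN-NNNN pattern are constructed assumptions.

```python
import csv
import io
import re

MAX_ENCRYPTED_LEN = 175  # character limit stated above for encrypted fields

# Assumed format of the column being migrated (hypothetical: NNN-NN-NNNN).
EXPECTED_FORMAT = re.compile(r"\d{3}-\d{2}-\d{4}")

# Constructed sample of an exported CSV; "Id" and "Tax_Id__c" are hypothetical names.
SAMPLE_EXPORT = """Id,Tax_Id__c
001A,123-45-6789
001B,123456789
001C,
001D,{long}
""".format(long="9" * 176)


def check_export(csv_text, column, pattern=EXPECTED_FORMAT, max_len=MAX_ENCRYPTED_LEN):
    """Split exported rows into (ready, rejected) for import into an encrypted field.

    Rejected entries are (record_id, reason). Values are never echoed, so the
    report itself does not leak the sensitive data.
    """
    ready, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        value = (row.get(column) or "").strip()
        if not value:
            ready.append(row)  # blank stays blank; nothing to validate
        elif len(value) > max_len:
            rejected.append((row["Id"], "longer than %d characters" % max_len))
        elif not pattern.fullmatch(value):
            rejected.append((row["Id"], "does not match expected format"))
        else:
            ready.append(row)
    return ready, rejected


if __name__ == "__main__":
    ready, rejected = check_export(SAMPLE_EXPORT, "Tax_Id__c")
    print("rows ready for import:", len(ready))
    for record_id, reason in rejected:
        print("rejected", record_id, "-", reason)
```

Run it against the export file before the import step, and fix or truncate the rejected records in the source field first.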