Tip #1156: Locked fields out of the box

Long time ago Stefan Strube sent me this tip, I filed it away and forgot all about it (sorry, Stefan!). Until last week, that is, when I started new deployment and customer had specific need for couple rollups on account entity. Good news was that those rollups are out of the box: opendeals and openrevenue, so I dropped then on the form and left it be. Bad news was that the testers immediately complained that they can’t see these fields at all.


What the?

Tip from Stefan to the rescue! These rollup fields are Field Security enabled by default, therefore only the admins will see the calculated values but all other users will not.

To check what’s going on out of the box, create a new field security profile and, presto:


These are OOB fields that have field security enabled on them.

As per the original tip, if you want to make these fields available to (a group of) users, create a Field Security Profile for this and set Read privilege to Yes. Update and Create are not available simply because these fields are rollups. You probably noticed an interesting case of sharepointemailaddress field – Read privilege cannot be set at all. This is because the metadata flag CanBeSecuredForRead is false, meaning “You shall not deny user reading this field”. Oh, well, nobody knows what this is field is for, anyway. Wait a minute, turns out I do!

(Facebook and Twitter cover photo by Markus Spiske on Unsplash)

Leave a Reply

Your email address will not be published. Required fields are marked *