New Field Visible to Everyone: Forgot Field-Level Security
“Created a Salary__c field on Contact. Checked 'Visible' for all profiles. Every user in the org could see salaries.”
What Happened
Added a Salary__c field to Contact for the HR team. During field creation, Salesforce asks which profiles should see it. I clicked 'Visible' for all profiles because I was in a hurry and planned to 'fix permissions later.' Later never came. Three weeks later, a sales rep mentioned in a meeting that they could see Contact salaries. The HR director was not amused. I had to audit every custom field in the org for similar oversights.
The Wrong Way
// Creating new field: Contact.Salary__c
// Step 5: "Set Field-Level Security"
//
// ☑ System Administrator → Visible
// ☑ Sales User → Visible ← WHY
// ☑ Marketing User → Visible ← WHY
// ☑ Support User → Visible ← WHY
// ☑ HR Team → Visible ← only this one needed
//
// "I'll fix permissions later" = famous last words
The Right Way
// Creating new field: Contact.Salary__c
// Step 5: "Set Field-Level Security"
//
// ☐ System Administrator → Visible (use Perm Set)
// ☐ Sales User → NOT Visible
// ☐ Marketing User → NOT Visible
// ☐ Support User → NOT Visible
// ☐ HR Team → NOT Visible (use Perm Set below)
//
// THEN: Create a Permission Set:
//   "HR - Sensitive Fields Access"
//   Contact.Salary__c → Visible + Editable
//
// Assign the Permission Set to HR users only.
//
// Default: hidden from everyone.
// Opt-in: Permission Set for those who need it.
// This is the principle of least privilege.
The Lesson
Default every new field to hidden. Use Permission Sets to grant access. Never rely on 'I'll fix it later.' Sensitive data exposed for even one day is a compliance issue.
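The audit I describe above can be scripted instead of clicked through. What follows is an added example (not code from the post): it takes the rows Salesforce's FieldPermissions object returns for a sensitive field and reports which grants come from a profile (the "Visible for all profiles" mistake, since every user with that profile can read the field) versus from a permission set (the opt-in path). The SOQL in the docstring is assumed to be run separately with an API client; the rows in the block are constructed sample output.

```python
"""Audit who can read sensitive custom fields from FieldPermissions rows.

Assumed SOQL, run through any API client (Workbench, sfdx, REST):
  SELECT Field, PermissionsRead, PermissionsEdit,
         Parent.Name, Parent.IsOwnedByProfile, Parent.Profile.Name
  FROM FieldPermissions
  WHERE Field IN ('Contact.Salary__c')
Profile-level FLS is stored on a permission set with IsOwnedByProfile = true,
which is how a row is traced back to a profile name.
"""

SENSITIVE_FIELDS = {"Contact.Salary__c"}

# Constructed sample rows, shaped like the SOQL result above (not real org data).
SAMPLE_ROWS = [
    {"Field": "Contact.Salary__c", "PermissionsRead": True, "PermissionsEdit": False,
     "Parent": {"Name": "X00e000000000001", "IsOwnedByProfile": True,
                "Profile": {"Name": "Sales User"}}},
    {"Field": "Contact.Salary__c", "PermissionsRead": True, "PermissionsEdit": True,
     "Parent": {"Name": "HR_Sensitive_Fields_Access", "IsOwnedByProfile": False,
                "Profile": None}},
    {"Field": "Contact.Phone", "PermissionsRead": True, "PermissionsEdit": True,
     "Parent": {"Name": "X00e000000000002", "IsOwnedByProfile": True,
                "Profile": {"Name": "Support User"}}},
]


def audit_field_access(rows, sensitive_fields):
    """Return {field: {"profile_grants": [...], "perm_set_grants": [...]}}."""
    report = {f: {"profile_grants": [], "perm_set_grants": []} for f in sensitive_fields}
    for row in rows:
        if row["Field"] not in sensitive_fields or not row["PermissionsRead"]:
            continue  # not a sensitive field, or no read access granted by this row
        parent = row["Parent"]
        access = "read/edit" if row["PermissionsEdit"] else "read"
        if parent["IsOwnedByProfile"]:
            # Profile-owned grant: every user on that profile can see the field.
            report[row["Field"]]["profile_grants"].append(f'{parent["Profile"]["Name"]} ({access})')
        else:
            # Permission-set grant: only explicitly assigned users can see it.
            report[row["Field"]]["perm_set_grants"].append(f'{parent["Name"]} ({access})')
    return report


def violations(report):
    """Sensitive fields that some profile can read outright; these need fixing."""
    return {f: g["profile_grants"] for f, g in report.items() if g["profile_grants"]}


if __name__ == "__main__":
    for field, grants in violations(audit_field_access(SAMPLE_ROWS, SENSITIVE_FIELDS)).items():
        print(f"{field}: readable by profile(s) {', '.join(grants)}")
```

Extend SENSITIVE_FIELDS and the SOQL's IN list to cover every custom field you consider sensitive; an empty result from violations() is the state the post's "Right Way" describes.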