How to Fix Salesforce Field-Level Security Issues
Step-by-step fix guide with AI-powered diagnosis from BuildForce.
Salesforce Field-Level Security (FLS) issues appear in three ways: users see fields as blank or hidden when they should be visible (FLS set to 'Hidden' on their profile), integrations fail to write field values (integration user's profile lacks Edit access to the field), and Apex code throwing INVALID_FIELD errors in strict mode (the running user doesn't have field access and the code doesn't use 'without sharing'). The fix is to identify which profiles need access and update FLS via permission sets — not direct profile edits.
Symptoms
Fields visible in some user profiles but blank or missing in others
Integration writes failing with 'INVALID_FIELD' or no error but data not saving
Reports showing empty field columns for certain users
Apex code throwing 'System.NoAccessException: No access to entity' in production
Fields visible in Classic but not appearing in Lightning record pages
Root Causes
Profile FLS set to 'Hidden' for the wrong profile
When a user's assigned profile has a field marked as Hidden, they can't see or edit the field regardless of page layout. Profile FLS overrides page layout visibility.
Integration user profile missing Edit access
Integration connected apps run as a specific Salesforce user. If that user's profile doesn't have Edit access to a field, API writes to that field are silently ignored — no error, the data just doesn't save.
Permission sets not applied
Permission sets can grant field access on top of profile restrictions. If the correct permission set wasn't assigned to the user, they won't have the expected access even though the permission set exists.
FLS not enforced in Apex but checked in UI
Page layouts and list views enforce FLS. Apex code using 'with sharing' also enforces FLS in newer API versions. Code paths that work in lower API versions may start throwing FLS errors after a Salesforce upgrade.
How to Fix It — Step by Step
Check effective field access for a specific user
Use the 'View as User' feature in Setup → Users to see exactly what fields a specific user can see and edit. This is the fastest way to confirm an FLS issue.
# SOQL to check FLS for a specific field and user
SELECT Field, PermissionsRead, PermissionsEdit
FROM FieldPermissions
WHERE SobjectType = 'Contact'
AND Parent.ProfileId = '[profile_id]'Identify which profiles are missing field access
In Setup → Object Manager → [Object] → Fields & Relationships → [Field], click 'Set Field-Level Security'. Review which profiles have Read and Edit access. Profile FLS is the baseline — permission sets can add access but not remove profile access.
Use permission sets instead of editing profiles
Best practice is to grant additional field access through permission sets, not direct profile edits. Create a permission set for the required field access and assign it to the relevant users or integration user account.
Fix integration user field access
For integration write failures, check the integration user's profile and all assigned permission sets for the failing field. Add the field with 'Edit' access to a permission set and assign it to the integration user.
Audit Apex code for FLS enforcement
Search your Apex codebase for 'Schema.sObjectType' and 'isAccessible()', 'isUpdateable()' checks. Ensure code that writes fields verifies the running user has edit access before attempting the DML operation.
// Check FLS before DML
if (Schema.sObjectType.Contact.fields.Custom_Field__c.isUpdateable()) {
contact.Custom_Field__c = newValue;
update contact;
}Scan for FLS issues with BuildForce
Run BuildForce's security health check to get a full audit of field-level security gaps across all integration users and profiles — surfacing fields that integrations can't write to and fields exposed to profiles that should be restricted.
Let BuildForce diagnose and fix this automatically
Instead of following manual steps, connect your org and let our AI identify exactly what's broken and how to fix it — in minutes.
Book a DemoCommon Questions
More answers about this issue and how to resolve it.
Stop debugging manually. Let AI do it.
BuildForce runs 200+ automated checks across your Salesforce org and tells you exactly what's broken and how to fix it.