Universal Containers is creating a custom Visualforce page to allow users to edit contact records. The developer has used an apex: outputField for the Phone field on the contact object. What is the expected behavior if a user without field-level security accesses the Visualforce page?
Computers and Technology · High School · Tue Nov 03 2020
Answered on
If a user without field-level security (FLS) access attempts to view a Visualforce page that uses the apex:outputField
component for a field, such as the Phone field on the contact object, the expected behavior is as follows:
1. Read-Only Access:
- The
apex:outputField
component automatically respects the field-level security settings. - If the user does not have read access to the Phone field, the Visualforce page will display the field as read-only or may not display it at all, depending on the specific configuration.
2. No Edit Access:
- The
apex:outputField
component does not allow users to edit the field value. - Even if the user has write (edit) access to the record, the
apex:outputField
component will render the field as read-only.
In summary, the apex:outputField
component respects the field-level security settings for both read and edit access. If a user lacks read access to the Phone field, the field won't be displayed, and if they lack edit access, the field will be rendered as read-only, regardless of whether the user has edit access to the record itself.