Block Certain Fields in the User Record for Orgs with Communities and Portals (Previously Released Security Alert and Update, Enforced)
Salesforce is giving customers the option to enable a user setting
that allows the hiding of certain personal information fields on the user records in orgs with
communities or portals. The fields are hidden from view when external users are accessing user
records. External users can still see their own user records. This change doesn’t apply to
queries running in System Mode.
Where: This change applies to all orgs with communities or portals.
When: This update was activated automatically on January 5, 2020 in production orgs.
How: Salesforce is introducing an org setting that allows for the hiding of other users' personal information in pages showing the user record to external user profiles, and in SOSL and SOQL queries that run as external users.
The affected fields are
- Alias
- EmployeeNumber
- FederationIdentifier
- SenderEmail
- Signature
- Username
- Division
- Title
- Department
- Extension
Admins can enable the setting Hide Personal Information for the org
under User Management Settings. After enabling the setting, searches on user records don't
show the affected fields of other users to external users.
Enabling
the Hide Personal Information setting is a Salesforce security best
practice.
