Loading
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Security Checks for Omnistudio

            You are here:

            1. Salesforce Help
            2. Docs
            3. Omnistudio

            Security Checks for Omnistudio

            The security checks for Omnistudio enforce stricter validation of access and permissions. These checks make sure that users, including guest, authenticated, and non-authenticated users, have the appropriate access to objects and fields used within Omnistudio components.

            Field-Level Security Requirements for Standard Runtime

            Standard runtime enforces field-level security (FLS) more strictly than the managed package runtime. To prevent LWC compilation errors and component visibility issues, you must explicitly grant field-level permissions on these Omnistudio objects for all user profiles that run Omnistudio components:

            Object Required FLS
            Omni Process Compilation Read, Edit
            Omni Data Transformation Read
            Omniscript Saved Sessions Read, Edit

            These requirements apply to the standard runtime and are separate from the security feature flags described below.

            These feature flags control the Omnistudio security checks. The security checks only apply when the flag is enabled.

            • ApexClassCheck: Requires users to have explicit Apex class access for any remote actions called from Omniscripts or Flexcards. See Add an Apex Class Permissions Checker.
            • EnforceDMFLSAndDataEncryption: Automatically enforces Object and field-level security (FLS) for all Data Mappers. Users without the View Encrypted Data permission can’t view encrypted fields in plain text. See Security for Omnistudio Data Mappers and Integration Procedures.
            • EnableQueryWithFLS: Enforces FLS for all Salesforce Object Search Language (SOSL) and Salesforce Object Query Language (SOQL) queries within Flexcards, ensuring data visibility respects user permissions. See Set Up a Data Source on a Flexcard.

            There are no behavioral changes to these previously announced security flags. Enabling them continues to support consistent enforcement of data access and security controls across Omnistudio components.

            To enable these Omnistudio security flags:

            1. From Setup, in the Quick Find box, enter Omni Interaction Configuration, and then select Omni Interaction Configuration.
            2. Click New Omni Interaction Configuration.
            3. In the Label field, enter the flag name exactly as shown above. For example, ApexClassCheck. The Name field is auto-populated from the label.
            4. In the Value field, enter true. The value is not case-sensitive.
            Important
            Important During the week of February 2, 2026, Salesforce enables the ApexClassCheck, EnforceDMFLSAndDataEncryption, and EnableQueryWithFLS settings by default to enhance org security. Review and prepare your configuration for a seamless transition and to prevent potential service interruptions.
             
            Loading
            Salesforce Help | Article