Set Up and Maintain Your Salesforce Organization
          AdvancedOmnistudioAccessCheck Configured set to True Control

          Org‑wide setting that enforces a strict Salesforce security model across all Omnistudio components.

          Control Name

          Omnistudio - Object and Field Level Security (AdvancedOmnistudioAccessCheck Configured set to 'True').

          Control Overview

          Org‑wide setting that enforces strict Salesforce security model (object permissions, field‑level security, Apex sharing rules) across all Omnistudio components including Vlocity Cards, FlexCards, Integration Procedures, and DataRaptors.

          Description

          When enabled, Omnistudio runtime validates every user's permissions before data access/display rather than bypassing FLS/CRUD through component logic. This applies to both internal users and external Experience Cloud portals using Omnistudio UI.

          Recommended Configuration

          In Setup > Custom Settings > Omnistudio global settings, set AdvancedOmnistudioAccessCheck to "True".

          Security Impact

          Prevents privilege escalation through Omnistudio UIs by ensuring components respect the same permission model as standard Salesforce pages. Eliminates common bypass patterns where FlexCards/DataRaptors ignored sharing rules.

          Business Impact

          Aligns low‑code Omnistudio development with enterprise security governance. Supports compliance audits showing uniform permission enforcement across custom and standard functionality.

          Security Risk If Not Configured

          Without advanced security checks enforced, Omnistudio does not strictly validate object, field‑level, and Apex class permissions for all users, which creates permission bypass vulnerabilities.

          Threat Scenarios

          Increased risk of field and object data exposure: external portal users view PII fields that they shouldn't access, internal users see records outside sharing boundaries, or compromised accounts harvest data through Omnistudio‑driven reports/APIs.

          Estimated CVSS Score Range

          Critical (9.0–10.0).

          Risk Impact Considerations

          Existing Omnistudio apps may break when the setting is enabled (components accessing restricted data); comprehensive testing is required; storage and performance impact is minimal.

          Higher Risk When

          Omnistudio powers Experience Cloud portals or handles PII/PHI/financial data, the org has a complex sharing model (territory/owner/rules), or external/partner users are enabled.

          Low Risk When

          Internal users only, simple object model without sharing rules, Omnistudio used for display‑only dashboards with no data modification.

          Business and Integration Considerations

          Enable in sandbox first and systematically test all Omnistudio pages. Update permission sets and profiles as needed post‑deployment.

          Security Health Review Guidance

          Must have.

          Who Is Impacted

          Omnistudio developers, Experience Cloud admins, security architects validating low‑code security, end users accessing Omnistudio‑powered applications.

           