Loading
Feature Disruption - Service Cloud VoiceRead More
Feature degradation | Gmail Email delivery failureRead More
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Flow Builder Setup Control

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Flow Builder Setup Control

            Configures Flow execution context to enforce sharing rules and user permissions, preventing automated workflows from bypassing org security model and accessing unauthorized data.

            Control Name

            Flow Builder Setup

            Control Overview

            Configures Flow execution context to enforce sharing rules and user permissions, preventing automated workflows from bypassing org security model and accessing unauthorized data.

            Description

            Flow Builder offers three execution modes: User Context (respects running user's permissions/sharing), System Context with Sharing (system runs with sharing enforced), and System Context without Sharing (bypasses all sharing/FLS); critical setting for data protection in automations.

            Recommended Configuration

            In Flow Builder Advanced Setup, set Flows as User Context or System Context with Sharing. System Context without Sharing is not recommended.

            Security Impact

            Requires automated processes to respect the same field-level security (FLS), object permissions, and sharing rules as interactive users, preventing privilege escalation through workflows.

            Business Impact

            Maintains a consistent security model across manual and automated processes. Avoids rework from Flows accessing data users shouldn't see. Supports compliance audits showing uniform enforcement.

            Security Risk If Not Configured

            Lack of user or system context with sharing in Flow Builder setup enables Flows to bypass security controls, exposing sensitive data through automation.

            Threat Scenarios

            Higher risk of exposing sensitive data or allowing unauthorized actions through automation such as scheduled Flows harvesting PII across sharing boundaries, screen flows showing restricted records to unauthorized users, or record-triggered flows creating unauthorized child records.

            Estimated CVSS Score Range

            High (7.0–8.9).

            Risk Impact Considerations

            Every Flow must be individually reviewed; existing Flows may break when changing from "without sharing"; test thoroughly in the sandbox before bulk updates.

            Higher Risk When

            Complex sharing model (role/territory/owner-based), external/Community users, heavy Flow automation replacing Apex triggers, or Flows handling PII/financial data.

            Low Risk When

            Simple public read-only Flows, internal users with uniform permissions, Flows only creating internal system records with no user data access.

            Business and Integration Considerations

            Audit all existing Flows before changing context. Use Flow definition reports to identify "without sharing" Flows. Migrate gradually to avoid breaking critical automations.

            Security Health Review Guidance

            Strongly recommended.

            Who Is Impacted

            Flow developers, Salesforce admins managing automations, security architects reviewing automation security, end users relying on sharing rules for data protection.

            See Also

             
            Loading
            Salesforce Help | Article