You are here:
Omni Integration Configuration Setup for EnableQueryWithFLS Set to True Control
Enforces Field-Level Security (FLS) validation during SOQL queries executed by Omnistudio Integration Procedures and DataRaptors.
Control Name
Omnistudio - Object and Field Level Security (Select Omni Integration Configuration Setup for EnableQueryWithFLS set to 'True').
Control Overview
Enforces Field-Level Security (FLS) validation during SOQL queries executed by Omnistudio Integration Procedures and DataRaptors, ensuring users can only query fields they're explicitly permitted to read through their profile/permission sets.
Description
When enabled in Omni Integration Configuration custom settings, Omnistudio dynamically modifies query strings at runtime to exclude fields lacking FLS read access. Prevents low-code components from bypassing standard Salesforce field security through dynamic query construction.
Recommended Configuration
Select Omni Integration Configuration Setup for EnableQueryWithFLS set to "True" in Setup>Custom Settings>Omni Integration Configuration.
Security Impact
Eliminates FLS bypass vulnerability in Omnistudio where Integration Procedures could query restricted PII fields regardless of user permissions. Ensures uniform field security across low-code and traditional Apex development.
Business Impact
Aligns Omnistudio query security with native Salesforce governance model. Supports compliance audits demonstrating consistent FLS enforcement across all application layers including Vlocity implementations.
Security Risk If Not Configured
Lack of advanced security checks enforcement to strictly validate Field Level query permissions for all users using Omnistudio allows unauthorized field access through dynamic low-code queries.
Threat Scenarios
External portal users or compromised accounts query sensitive PII fields (SSN, medical ID, financial data) through Omnistudio FlexCards that ignore FLS; internal users access salary, performance, or confidential data via Integration Procedure outputs lacking field restrictions.
Estimated CVSS Score Range
Critical (9.0–10.0).
Risk Impact Considerations
Breaking change requiring comprehensive testing of existing DataRaptors/Integration Procedures; performance overhead from dynamic query rewriting; permission set updates likely needed post-enablement.
Higher Risk When
Complex FLS model with granular field restrictions, external/Experience Cloud users accessing PII objects, Omnistudio powering customer-facing applications, Shield encryption on restricted fields.
Low Risk When
Uniform field access across profiles, internal users only, read-only Omnistudio dashboards without dynamic queries, simple object model without sensitive fields.
Business and Integration Considerations
Must Have for production Omnistudio deployments; enable in sandbox first and validate all Integration Procedures; audit FLS settings on PII objects before production rollout.
Security Health Review Guidance
Must have.
Who Is Impacted
Omnistudio developers building Integration Procedures, security admins managing FLS, external portal users accessing restricted data, compliance teams validating field security enforcement.
