You are here:
Omni Integration Configuration Setup for EnforceDMFLSAndDataEncryption Set to True Control
Enforces strict Data Masking Field-Level Security (DMFLS) and Shield Platform Encryption validation within Omnistudio Integration Procedures and DataRaptors.
Control Name
Omnistudio - Object and Field Level Security (Select Omni Integration Configuration Setup for EnforceDMFLSAndDataEncryption set to 'True').
Control Overview
Enforces strict Data Masking Field-Level Security (DMFLS) and Shield Platform Encryption validation within Omnistudio Integration Procedures and DataRaptors, ensuring encrypted/masked fields respect user permissions even through low-code components.
Description
When enabled in Omni Integration Configuration custom settings, Omnistudio validates user permissions against encrypted fields (Shield Platform Encryption) and masked fields (Data Mask) before read/write operations in Integration Procedures, FlexCards, and Vlocity components.
Recommended Configuration
Select Omni Integration Configuration Setup for EnforceDMFLSAndDataEncryption set to "True" in Setup>Custom Settings>Omni Integration Configuration.
Security Impact
Prevents unauthorized access to encrypted PII/PHI fields through Omnistudio UIs; compromised accounts cannot bypass Shield encryption or Data Masking protections via Integration Procedure queries or FlexCard displays.
Business Impact
Maintains compliance with data protection regulations (GDPR, HIPAA, CCPA) across low-code applications. Supports Shield Platform Encryption ROI by ensuring uniform enforcement through Vlocity/Omnistudio implementations.
Security Risk If Not Configured
Lack of security checks enforcement to strictly validate Field Level Data Encryption permissions for all users using Omnistudio allows encrypted field bypass through low-code components.
Threat Scenarios
External portal users or compromised internal accounts view decrypted PII/PHI through Omnistudio FlexCards that ignore Shield encryption; Data Masked fields display unmasked values in Integration Procedure outputs, violating data protection controls.
Estimated CVSS Score Range
Critical (9.0–10.0).
Risk Impact Considerations
Breaking change for existing Omnistudio apps accessing encrypted fields; requires permission set updates; performance impact from encryption validation during high-volume operations.
Higher Risk When
Shield Platform Encryption active on PII/PHI fields used by Omnistudio, Data Masking deployed, external/Experience Cloud users access encrypted data, complex permission model with granular field restrictions.
Low Risk When
No Shield encryption or Data Masking deployed, internal users only with uniform field access, Omnistudio used for non-sensitive display-only purposes.
Business and Integration Considerations
Must have for any production Omnistudio deployment using Shield encryption or Data Masking. Test all Integration Procedures and FlexCards in the sandbox before enabling production enforcement.
Security Health Review Guidance
Must have.
Who Is Impacted
Omnistudio developers, Shield Platform Encryption admins, Data Masking implementers, external portal users accessing encrypted data, security teams validating encryption enforcement.
