Field Level Security (FLS) is a Salesforce feature that allows administrators to control which users can view or edit specific fields on an object, based on the user's assigned Profile. When an administrator retrieves the metadata of a Profile that includes the ContentVersion SObject — the standard Salesforce object that stores individual versions of files in Salesforce Files — the standard fields of ContentVersion are not included in the exported metadata results.
The ContentVersion SObject does not support Field Level Security (FLS). Because FLS is not supported on this object, all custom fields added to ContentVersion are automatically visible to users of all Profiles. FLS settings cannot be configured to restrict access to these custom fields.
When performing a metadata export of a Profile, Salesforce exports the custom fields of ContentVersion because they are visible to all profiles by default. However, none of the standard fields of ContentVersion are exported in the Profile metadata, because standard fields on SObjects that do not support FLS are excluded from Profile metadata exports.
If your Salesforce org has custom fields on the ContentVersion object that contain sensitive data, be aware that FLS cannot restrict access to those fields. Any user with access to files in Salesforce Files can potentially see these custom field values. Consider whether sensitive data should be stored in ContentVersion or in a separate Salesforce SObject that supports FLS, so that field-level access controls can be applied appropriately.
000380808

We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.