Metadata API Developer Guide

Introduction to Metadata API
Using Metadata API
Reference
File-Based Calls
CRUD-Based Calls
Utility Calls
Result Objects
Metadata Types
Metadata Components and Types
Metadata Coverage Report
Unsupported Metadata Types
Special Behavior in Metadata API Deployments
Data Cloud Metadata Types
AccountRelationshipShareRule
AccountingFieldMapping
AccountingModelConfig
ActionLinkGroupTemplate
ActionPlanTemplate
ActionableListDefinition
AdvAccountForecastSet
AffinityScoreDefinition
AIApplication
AIApplicationConfig
AIScoringModelDefinition
AIUsecaseDefinition
AnalyticSnapshot
AnimationRule
ArticleType
ApexClass
ApexComponent
ApexEmailNotifications
ApexPage
ApexTestSuite
ApexTrigger
AppMenu
AppointmentAssignmentPolicy
AppointmentSchedulingPolicy
ApprovalProcess
AssignmentRules
AssessmentQuestion
AssessmentQuestionSet
Audience
AuraDefinitionBundle
AuthProvider
AutoResponseRules
BatchCalcJobDefinition
BatchProcessJobDefinition
BlacklistedConsumer
Bot
BotBlock
BotTemplate
BotVersion
BrandingSet
BriefcaseDefinition
BusinessProcessGroup
CallCenter
CallCoachingMediaProvider
CampaignInfluenceModel
CaseSubjectParticle
CareBenefitVerifySettings
CareLimitType
CareSystemFieldMapping
CareProviderSearchConfig
CareRequestConfiguration
Certificate
ChatterExtension
ClaimFinancialSettings
ClauseCatgConfiguration
CleanDataService
CMSConnectSource
Community (Zone)
CommerceSettings
CommunityTemplateDefinition
CommunityThemeDefinition
ConnectedApp
ContentAsset
ContextDefinition
ConversationMessageDefinition
CorsWhitelistOrigin
CspTrustedSite
CustomApplication
CustomApplicationComponent
CustomFeedFilter
CustomHelpMenuSection
CustomIndex
CustomLabels
Custom Metadata Types (CustomObject)
CustomNotificationType
CustomObject
CustomObjectTranslation
CustomPageWebLink
CustomPermission
CustomSite
CustomTab
CustomValue
Dashboard
DataCategoryGroup
DataWeaveResource
DecisionTable
DecisionTableDatasetLink
DecisionMatrixDefinition
DelegateGroup
DigitalExperienceBundle
DigitalExperienceConfig
DisclosureDefinition
DisclosureDefinitionVersion
DisclosureType
DiscoveryAIModel
DiscoveryGoal
DiscoveryStory
Document
DocumentCategory
DocumentCategoryDocumentType
DocumentChecklistSettings
DocumentType
DuplicateRule
EclairGeoData
EmailServicesFunction
EmailTemplate
EmbeddedServiceBranding
EmbeddedServiceConfig
EmbeddedServiceFieldService
EmbeddedServiceFlowConfig
EmbeddedServiceLiveAgent
EmbeddedServiceMenuSettings
EnablementMeasureDefinition
EnablementProgramDefinition
EntitlementProcess
EntitlementTemplate
EscalationRules
EventDelivery
EventRelayConfig
EventSubscription
ExperienceBundle
ExperiencePropertyTypeBundle (Beta)
ExplainabilityMsgTemplate
ExpressionSetDefinition
ExpressionSetMessageToken
ExpressionSetObjectAlias
ExternalClientApplication
ExternalCredential
ExternalAIModel
ExternalServiceRegistration
ExtlClntAppConfigurablePolicies
ExtlClntAppGlobalOauthSettings
ExtlClntAppOauthConfigurablePolicies
ExtlClntAppOauthSettings
FeatureParameterBoolean
FeatureParameterDate
FeatureParameterInteger
FieldRestrictionRule
FlexiPage
Flow
FlowCategory
FlowDefinition
FlowTest
Folder
ForecastingFilter
ForecastingFilterCondition
ForecastingSourceDefinition
ForecastingType
ForecastingTypeSource
FuelType
FuelTypeSustnUom
FunctionReference
FundraisingConfig
GatewayProviderPaymentMethodType
GenAiFunction
GenAiPlanner
GenAiPromptTemplate
GenAiPromptTemplateActv
GlobalPicklist
GlobalPicklistValue
GlobalValueSet
GlobalValueSetTranslation
Group
HomePageComponent
HomePageLayout
IdentityVerificationProcDef
IdentityVerificationProcDtl
IdentityVerificationProcFld
InboundCertificate
InboundNetworkConnection
IndustriesPricingSettings
InstalledPackage
IntegrationProviderDef
IPAddressRange
KeywordList
Layout
Letterhead
LightningBolt
LightningComponentBundle
LightningExperienceTheme
LightningMessageChannel
LightningOnboardingConfig
LiveChatAgentConfig
LiveChatButton
LiveChatDeployment
LiveChatSensitiveDataRule
LoyaltyProgramSetup
ManagedContentType
ManagedEventSubscription (Beta)
ManagedTopics
MarketingAppExtension
MatchingRule
MessagingChannel
Metadata
MetadataWithContent
MfgProgramTemplate
MilestoneType
MlDomain
MLDataDefinition
MLPredictionDefinition
MobileApplicationDetail
MobileSecurityAssignment
MobileSecurityPolicy
MobSecurityCertPinConfig
ModerationRule
MutingPermissionSet
MyDomainDiscoverableLogin
NamedCredential
NavigationMenu
Network
NetworkBranding
NotificationTypeConfig
OauthCustomScope
OauthTokenExchangeHandler
OcrSampleDocument
OcrTemplate
OmniExtTrackingDef
OmniScript
OmniSupervisorConfig
OmniTrackingGroup
OutboundNetworkConnection
Package
ParticipantRole
PathAssistant
PaymentGatewayProvider
PermissionSet
PermissionSetGroup
PermissionSetLicenseDefinition (Developer Preview)
PersonAccountOwnerPowerUser
PipelineInspMetricConfig
PlatformCachePartition
PlatformEventChannel
PlatformEventChannelMember
PlatformEventSubscriberConfig
Portal
PortalDelegablePermissionSet
PostTemplate
ProductAttributeSet
PresenceDeclineReason
PresenceUserConfig
Profile
ProfileActionOverride
ProfilePasswordPolicy
ProfileSessionSetting
Prompt
Queue
QueueRoutingConfig
QuickAction
RedirectWhitelistUrl
RecommendationStrategy
RecordActionDeployment
RecordAggregationDefinition
RecordAlertCategory
RegisteredExternalService
ReferencedDashboard
RelatedRecordAssocCriteria
RelationshipGraphDefinition
RemoteSiteSetting
Report
ReportType
RestrictionRule
Role
RoleOrTerritory
SalesWorkQueueSettings
SamlSsoConfig
SchedulingObjective
SchedulingRule
Scontrol
SearchCustomization
SearchOrgWideObjectConfig
ServiceAISetupDefinition
ServiceAISetupField
ServiceChannel
ServicePresenceStatus
ServiceProcess
Settings
SharedTo
SharingBaseRule
SharingRules
SharingSet
SiteDotCom
Skill
StandardValueSet
StandardValueSetTranslation
StaticResource
SustainabilityUom
SustnUomConversion
SvcCatalogCategory
SvcCatalogFulfillmentFlow
SvcCatalogItemDef
SynonymDictionary
Territory
Territory2
Territory2Model
Territory2Rule
Territory2Type
TimelineObjectDefinition
TimeSheetTemplate
TopicsForObjects
TransactionSecurityPolicy
Translations
UIObjectRelationConfig
UserAccessPolicy
UserAuthCertificate
UserCriteria
UserProfileSearchScope
UserProvisioningConfig
VirtualVisitConfig
WaveApplication
WaveComponent
WaveDataflow
WaveDashboard
WaveDataset
WaveLens
WaveRecipe
WaveTemplateBundle
WaveXmd
WebStoreBundle
WebStoreTemplate
Workflow
WorkSkillRouting
Headers
Appendices
PDF

Newer Version Available

This content describes an older version of this product. View Latest

FieldRestrictionRule

Represents a field visibility rule that controls whether a field is visible to a user, based on the field’s inclusion in a field set. If Enhanced Personal Information Management setting was enabled before Spring ’22, field visibility is based on the field’s compliance categorization. This type extends the Metadata metadata type and inherits its fullName field.

Where possible, we changed noninclusive terms to align with our company value of Equality. We maintained certain terms to avoid any effect on customer implementations.

Important

File Suffix and Directory Location

FieldRestrictionRule components have the suffix .rule and are stored in the fieldRestrictionRules folder.

Version

FieldRestrictionRule components are available in API version 52.0 and later.

Special Access Rules

  • To access this type, you must have the Manage Sharing permission.
  • To create and manage Employee field visibility rules, you must be assigned a Workplace Command Center permission set license and the Provides access to Workplace Command Center features system permission.
  • To create and manage User field visibility rules, you must enable Digital Experiences and the Enhanced Personal Information Management feature.

Fields

Field Name Field Type Description
active boolean Indicates whether the rule is active (true) or not (false). The default value is false.
classification string[] Required. The data classification compliance categorization or field set that is targeted by the rule. The rule applies to fields that are marked with this categorization or included in this field set. If you enabled Enhanced Personal Information Management before Spring ‘22 (API version 54.0), you can use Salesforce's default compliance categorization values or values that you add yourself. If you enabled Enhanced Personal Information Management after Spring ‘22 (API version 54.0), use the PersonalInfo_EPIM field set or a field set that you add yourself.
classificationType ClassificationType (enumeration of type string) The type of classification method used in your org. If you enabled Enhanced Personal Information Management before Spring ‘22 (API version 54.0), use ComplianceCategory. If you enabled Enhanced Personal Information Management after Spring ‘22, use FieldSet.
  • ComplianceCategory
  • FieldSet
The default value is ComplianceCategory. Available in API version 54.0 and later.
description string Required. The description of the rule.
enforcementType EnforcementType (enumeration of type string) Required. The type of rule. Possible values are:
  • FieldRestrict—Field visibility rule. Only this value is valid.
  • Restrict—Do not use.
  • Scoping—Do not use.
masterLabel string Required. The name of the rule.
recordFilter string Required. The criteria that determine which fields are visible to the specified users. For example, the field can check if the logged-in user matches the Employee’s ID.
targetEntity string Required. The object for which you're creating the rule. Only the Employee and User objects are supported.
userCriteria string Required. The users that this rule applies to, such as all active users or users with a specified role or profile.
version int Required. The rule's version number.

Declarative Metadata Sample Definition

The following is an example of a FieldRestrictionRule component, which uses the ComplianceCategory classification type. The classification value is one of Salesforce's default compliance categorization values, but you can create a custom compliance categorization value to use instead.

1<?xml version="1.0" encoding="UTF-8"?>
2<FieldRestrictionRule xmlns="http://soap.sforce.com/2006/04/metadata">
3    <active>true</active>
4    <classification>PII</classification>
5    <classificationType>ComplianceCategory</classificationType>
6    <description>Is Owner of Employee</description>
7    <enforcementType>FieldRestrict</enforcementType>
8    <masterLabel>Is Owner Field Restriction Rule</masterLabel>
9    <recordFilter>OwnerId = $User.Id</recordFilter>
10    <targetEntity>Employee</targetEntity>
11    <userCriteria>$User.IsActive = true</userCriteria>
12    <version>1</version>
13</FieldRestrictionRule>

The following is an example of a FieldRestrictionRule component, which uses the FieldSet classification type. The classification value is Salesforce's default field set for personal information, but you can create a field set to use instead.

1<?xml version="1.0" encoding="UTF-8"?>
2<FieldRestrictionRule xmlns="http://soap.sforce.com/2006/04/metadata">
3    <active>true</active>
4    <classification>PersonalInfo_EPIM</classification>
5    <classificationType>FieldSet</classificationType>
6    <description>Is Owner of Employee</description>
7    <enforcementType>FieldRestrict</enforcementType>
8    <masterLabel>Is Owner Field Restriction Rule</masterLabel>
9    <recordFilter>OwnerId = $User.Id</recordFilter>
10    <targetEntity>Employee</targetEntity>
11    <userCriteria>$User.IsActive = true</userCriteria>
12    <version>1</version>
13</FieldRestrictionRule>

The following is an example package.xml that references the previous definition.

1<?xml version="1.0" encoding="UTF-8"?>
2<Package xmlns="http://soap.sforce.com/2006/04/metadata">
3    <types>
4        <members>*</members>
5        <name>FieldRestrictionRule</name>
6    </types>
7    <version>52.0</version>
8</Package>