OmniStudio Developer Practice Test 2026 – All-In-One Exam Prep

When exposing DataRaptor results in a FlexCard, you must enforce who can see which data. The key idea is that field‑level security and permission checks govern what the user is allowed to view, so the card only surfaces data the user has rights to access. Salesforce field‑level security (FLS) and CRUD permissions determine whether a field is visible, and OmniStudio should honor those protections when delivering DataRaptor output to a FlexCard. If you bypass or ignore these security controls, you risk leaking sensitive information to unauthorized users. Conversely, tying visibility to user permissions ensures you respect data privacy and compliance while still enabling legitimate access for users who should see the data.

This approach also avoids over-restriction. Limiting access to admins only would block many legitimate users who need to work with the data, while disabling security altogether creates obvious risk. By configuring the DataRaptor and FlexCard to respect field‑level security and permission checks, you provide secure, appropriate access tailored to each user’s role.