What is the recommended way to handle field-level security in FlexCards?

• A. Rely on Salesforce Field-Level Security and ensure FlexCard data sources honor permissions; avoid exposing restricted fields.
• B. Manually filter fields in the UI even if not permitted.
• C. Field-level security is not applicable to FlexCards.
• D. Grant all users access to all fields in FlexCards.

Answer: (A)

Relying on Salesforce Field-Level Security and ensuring the FlexCard data sources honor those permissions is the right approach. By enforcing permissions at the data source level, restricted fields are not exposed to users who don’t have access, keeping security consistent with Salesforce’s model. This avoids the pitfalls of trying to filter fields in the UI after data is fetched, which is error-prone and can be bypassed. Field-level security applies to FlexCards because they display data pulled from Salesforce or other sources; you should hide or omit fields based on the user’s permissions rather than granting broad access or attempting post-fetch filtering. Granting all users access to all fields undermines security and is not appropriate.