Field Level Governance for Accounts and Prospects

Objective

Field Level Governance (FLG) which gives Outreach admins the powerful new control to visibility and edit controls on individual fields inside any Prospect and Account records. 

Applies To

• Outreach Admins
• Outreach Sellers

Before You Begin

• Make sure you understand how to assign and manage Governance Profiles

Overview

Field Level Governance is a powerful enhancement to our existing Role-Based Access Control (RBAC) Profile based governance system and provides granular control over data visibility (view/edit/hide) at the field level while RBAC continues to provide access to the overall Prospect and Account record.

Since FLG will still be implemented using Profiles, Outreach Admins continue to have full governance control over their end user workflows, data and platform hygiene. This means different roles — like SDRs, AEs, and CSMs — can now be given data access tailored to fields relevant to their workflow and be restricted from others that are sensitive or irrelevant.

This is also an extension of our previous FLG for opportunity amount. Existing customers who are using FLG to govern that field, or new customers who want to, will continue to be supported.

Setup

To set up Field Level Governance, navigate to Administration > User management > Access control > and pick a Profile you want to enforce FLG on > Navigate to Account or Prospect section > Manage field permissions > FLG Management dialog will pop.

FLG management dialog

The FLG management dialog allows you to set per field permissions:

You can scroll or search for any field you want to set up with FLG. Each field will allow you to enforce the following permissions

Available permissions

Once you have done making the changes, click on the ‘Save changes’ button to save the new permissions. FLG will be immediately enforced for the users who are assigned to that Profile.

RBAC vs. FLG

FLG is an enforcement of per-field permissions. For it to be enforceable, the user must have access to the underlying record (Account or Prospect). From a governance enforcement point of view, you’ll need to first set up Profiles for your users to be able to access the records. Only then set up FLG on those record types.

Outreach also recommends that you do periodic permissions review, especially as you update RBAC or FLG permissions, to ensure that your end users continue to enjoy the exact access they need and remove any unwanted access

Interplay with Team Selling

FLG only governs permissions through Profiles. For customers who are using Team Selling (Account Teams or Multi-User Assignment), you’ll need to implement FLG using Profiles just like you implement RBAC based permissions today.

FLG for fields that are marked as ‘Required’

FLG is not allowed for any field that has been marked as Required. If a field is marked ‘Required’ after FLG has already been enforced, Admins need to make sure that the field has both View and Edit permissions for all user Profiles before making the field 'Required'. Failing to do that will mean end users without Edit permissions will fail to create or update records.

If a field is no longer marked ‘Required’ after FLG has already been set up, the field’s permission will be automatically set to reflect the RBAC permission of the parent object.

End user experience

Depending on which fields have FLG permissions enforced, and which permissions Admins have chosen to enforce for the user’s Profile, the end user will have the following experience:

Frequently Asked Questions

What levels of permission can I control per field?

Admins are allowed to set ‘none’, ‘view’ and ‘edit’ permissions for fields associated with any object. ‘None’ means the field will be hidden. ‘View’ means read-only access. ‘Edit’ means end-users can edit the fields.

Can I configure Prospect or Account field permissions differently for different users?

Yes. Fields are governed per Profile. You can create variations in field permissions by creating appropriate Profiles and assigning them to the users.

Which fields are available to govern using Field Level Governance?

Most fields are supported with the exception of internal or system control fields. To see the full list of fields you can go to any Profile > scroll down to Account or Prospect > Click on Manage field permissions. The FLG dialog will list all the fields supported in that object.

Does this affect my existing Profile permissions?

No. FLG is fully backward compatible. Your existing Profiles will continue to work. FLG will pick up the relevant field permissions from your existing RBAC permissions unchanged.

Is this a paid feature?

No. Field Level Governance is accessible to all customers

Is this feature opt-in or enforced by default?

This is an opt-in feature. Admins will need to set up FLG permissions in Profiles before FLG is enforced for end users

How does this impact the ‘Required’ fields I’ve set up for Prospect and Accounts?

FLG is not allowed for any field that has been marked as Required. All users who have record create and edit permissions must have view and edit permissions to those fields as well.

Will APIs also respect FLG?

Yes. APIs will respect the Profile permissions. If you are using APIs to manage Accounts and Prospects

Can I sync with Salesforce Field Level Security?

In this release Admins will have to manage the permissions using Outreach profile permissions

Are there any limitations I should be aware of?

In this release, only Accounts and Prospect objects are supported. For Opportunity, only the amount field is supported.

It is also important to note that Field Level Governance is supported inside specific Outreach controlled experiences and APIs only. The field might still be visible if you’ve any customized UI that Outreach doesn’t control, through integration endpoints, plugins, or for advanced users to work around outside of browser UI etc. It is also not enforced in scenarios where the field is used for backend calculations like, for example, Forecasting or Pipeline Summaries.