Understanding Field Level Security Precedence

When using field level security in the Web Client, greater access takes precedence over lesser access. Access is determined by combining the maximum access of all profiles assigned to that user and owner.

If a user has more than one security profile (for example, the user is added to a team as a nested team or department and is also a direct member of the parent team), the security profiles share the same seccode (owner). When determining security access for a field, multiple profiles may be returned.

Security profiles are created and managed in the Administrator.

The following profiles are available:

Read Only Default - Sets all tables and fields visible in the Security Profile Manager to Read Only access.
Read/Write Default - Sets all tables and fields visible in the Security Profile Manager to Read/Write access except the Account table SecCodeID field. This restricts the user from reassigning account ownership.
Team Owner Profile - Sets all tables and fields visible in the Security Profile Manager to Read/Write access. This allows the user to reassign account ownership. You cannot assign the Team Owner Profile to WebViewer users.