Newer Version Available

This content describes an older version of this product. View Latest

Platform Encryption Data Visibility

Users and administrators see information based on a combination of factors described here. However, you control who has access to sensitive data.

When users work in an organization with Platform Encryption enabled, it’s important that they understand the difference between encrypted data at rest and data masking. Encrypted data at rest refers to data encrypted when stored. Masking refers to hiding visible data in a field by replacing the characters.

Users can view, depending on permissions or whether the data resides in a file or field, some data in cleartext instead of as masked. There are a couple of reasons for this behavior:
  • Permissions. Users who must access certain, sensitive data can have the View Encrypted Data permission enabled. For example, a human resources director might need to view sensitive employee information in a field, while a clerk doesn’t. Although the human resources director can view the sensitive data, it remains encrypted at rest.
  • Encrypted files remain visible. Although encrypted, files remain visible to users who have access to them. In contrast, to view encrypted data in fields, a user must have the View Encrypted Data permission. Use appropriate sharing settings if data in a file must remain hidden.