The Summer ‘26 Feature
Field Access tab in Object Manager consolidates: every field, where access is granted, which profiles/permission sets control it. Replaces manual cross-referencing.
Audit Cadence
Quarterly review. Export the Field Access map. Compare against your data classification (PII, PHI, financial, confidential). Remediate over-permissioned access.
Permission Set Strategy
Move away from profile-level FLS; use permission sets. Grants granular, composable, portable across profiles. Summer ‘26’s Field Access tab works across both, so migration pays dividends in audit simplicity.
AI Implications
AI agents see fields through the running user’s FLS. Over-permissioned user = over-exposed AI. Audit becomes more urgent because AI can query everything the user can. Tightening FLS directly reduces AI data exposure.