If the security roles a user holds does not grant them access to a record, but they are permitted to read another record that contains a lookup to the record that should be secured, then it would be good if the platform could obscure or hide the name of the record.

For instance, the Product entity is organisation owned so any users that can see Products, see all Products. If the Product record contains a lookup to the Account, then any user can find a Product and potentially see the name of an Account that would otherwise not be available to them if they were to look for the Account directly.

Ideally, there should be the ability to have the record name value obscured in lookup fields if the user is not able to read the underlying record, as just seeing the name of a record can sometimes present a security problem.
Category: Platform
Needs Votes