system-field-behavior-and-audit
Use when practitioners need to understand system-managed fields (CreatedDate, LastModifiedDate, SystemModstamp, CreatedById, LastModifiedById, IsDeleted) — their update behavior, indexing, and queryability. Triggers: 'difference between SystemModstamp and LastModifiedDate', 'how to query deleted records', 'set CreatedDate during data migration', 'why does LastModifiedDate not match SystemModstamp', 'Create Audit Fields permission'. NOT for field-level change tracking (use field-history-tracking skill), Shield Field Audit Trail for compliance retention (use field-audit-trail skill), or custom audit logging with Apex triggers.
Best use case
system-field-behavior-and-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use when practitioners need to understand system-managed fields (CreatedDate, LastModifiedDate, SystemModstamp, CreatedById, LastModifiedById, IsDeleted) — their update behavior, indexing, and queryability. Triggers: 'difference between SystemModstamp and LastModifiedDate', 'how to query deleted records', 'set CreatedDate during data migration', 'why does LastModifiedDate not match SystemModstamp', 'Create Audit Fields permission'. NOT for field-level change tracking (use field-history-tracking skill), Shield Field Audit Trail for compliance retention (use field-audit-trail skill), or custom audit logging with Apex triggers.
Teams using system-field-behavior-and-audit should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/system-field-behavior-and-audit/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How system-field-behavior-and-audit Compares
| Feature / Agent | system-field-behavior-and-audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when practitioners need to understand system-managed fields (CreatedDate, LastModifiedDate, SystemModstamp, CreatedById, LastModifiedById, IsDeleted) — their update behavior, indexing, and queryability. Triggers: 'difference between SystemModstamp and LastModifiedDate', 'how to query deleted records', 'set CreatedDate during data migration', 'why does LastModifiedDate not match SystemModstamp', 'Create Audit Fields permission'. NOT for field-level change tracking (use field-history-tracking skill), Shield Field Audit Trail for compliance retention (use field-audit-trail skill), or custom audit logging with Apex triggers.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# System Field Behavior and Audit Use this skill when a practitioner needs to understand how Salesforce automatically manages system fields on every record — when each field updates, which fields are indexed, how to query deleted records, and how to override audit fields during data migration. --- ## Before Starting Gather this context before working on anything in this domain: - **Use case**: Is this about delta sync / incremental queries, data migration with date preservation, soft-delete recovery, or general audit understanding? - **Common wrong assumption**: Practitioners assume LastModifiedDate and SystemModstamp always have the same value. They diverge whenever an automated system process (workflow field update, formula recalculation, approval process) modifies a record without a direct user or API save. - **Platform constraints**: Create Audit Fields is an org-level permission that must be enabled by Salesforce Support. It allows overriding CreatedDate, CreatedById, LastModifiedDate, and LastModifiedById only on insert, not on update. --- ## Core Concepts ### SystemModstamp vs. LastModifiedDate Both fields record when a record was last changed, but they track different scopes of change: - **LastModifiedDate** updates only when a user or API call explicitly modifies the record (DML update, inline edit, API PATCH/POST). It reflects the last *intentional* edit. - **SystemModstamp** updates on every change, including automated system processes — workflow field updates, formula recalculations, roll-up summary recalculations, and approval process field stamps. SystemModstamp is always >= LastModifiedDate. SystemModstamp is indexed by the platform. LastModifiedDate is not indexed. For any SOQL query that filters by modification date (delta sync, incremental ETL, change data capture fallback), always use SystemModstamp for correctness and performance. ### Create Audit Fields The "Create Audit Fields" org permission (also called "Set Audit Fields upon Record Creation") allows API clients to set the four audit ownership fields on insert: - `CreatedDate` - `CreatedById` - `LastModifiedDate` - `LastModifiedById` This is used exclusively during data migration to preserve historical timestamps and ownership from a source system. The permission must be enabled by Salesforce Support (Setup > Contact Support, or via case). It applies org-wide once enabled and works only on insert operations — you cannot retroactively change these fields on existing records via update. ### IsDeleted and Soft Deletes When a record is moved to the Recycle Bin, Salesforce sets `IsDeleted = true` on the record rather than physically removing it. The record remains queryable through two mechanisms: - **SOQL**: `SELECT Id, Name FROM Account WHERE IsDeleted = true ALL ROWS` - **REST API**: The `/services/data/vXX.0/queryAll/` endpoint (vs. the standard `/query/` endpoint) Records in the Recycle Bin are retained for 15 days (configurable up to 15 days). After permanent deletion, records are no longer queryable by any means. The `ALL ROWS` keyword also returns archived records on objects that support archiving. --- ## Common Patterns ### Delta Sync with SystemModstamp **When to use:** An integration or ETL process needs to pull only records modified since the last sync. **How it works:** ```sql SELECT Id, Name, AccountNumber, SystemModstamp FROM Account WHERE SystemModstamp > 2025-01-15T00:00:00Z ORDER BY SystemModstamp ASC ``` Store the highest SystemModstamp value returned as the watermark for the next sync. Use `ORDER BY SystemModstamp ASC` so if the sync is interrupted, you can resume from the last processed record. **Why not LastModifiedDate:** A workflow field update that fires after record save will update SystemModstamp but not LastModifiedDate. Using LastModifiedDate misses those changes, causing data drift between systems. ### Data Migration with Audit Field Preservation **When to use:** Migrating records from a legacy system or another Salesforce org where you need to preserve the original creation date and creator. **How it works:** 1. Confirm Create Audit Fields permission is enabled (Setup > User Interface > Enable "Set Audit Fields upon Record Creation", or contact Support). 2. In your Data Loader or Apex script, include `CreatedDate`, `CreatedById`, `LastModifiedDate`, and `LastModifiedById` columns in the insert payload. 3. The user performing the insert must have the "Set Audit Fields upon Record Creation" user permission assigned via permission set. 4. Insert the records. The platform accepts the provided timestamps instead of auto-generating them. **Why not post-insert update:** You cannot update audit fields after insert — the platform rejects DML updates to these fields even with the permission enabled. ### Soft-Delete Recovery Query **When to use:** A user accidentally deleted records and you need to identify what was lost before the Recycle Bin expires. **How it works:** ```sql SELECT Id, Name, CreatedDate, LastModifiedDate, LastModifiedById FROM Contact WHERE IsDeleted = true AND LastModifiedDate = LAST_N_DAYS:7 ALL ROWS ``` Use this to generate a list of recently deleted records for review. Admins can then undelete from the Recycle Bin via Setup or the `Database.undelete()` Apex method. --- ## Decision Guidance | Situation | Recommended Field | Reason | |---|---|---| | Incremental ETL / delta sync queries | SystemModstamp | Indexed; captures all changes including automated processes | | Display "last edited" to end users | LastModifiedDate | Reflects intentional human/API edits only | | Audit trail of who last changed a record | LastModifiedById | Paired with LastModifiedDate for human-edit attribution | | Preserve historical dates during migration | CreatedDate (with Create Audit Fields) | Only works on insert; requires org permission from Support | | Find recently deleted records | IsDeleted + ALL ROWS | 15-day Recycle Bin window; permanent deletes are unrecoverable | | Replication / data synchronization | SystemModstamp + IsDeleted (ALL ROWS) | Covers modifications, automated changes, and soft deletes | --- ## Recommended Workflow Step-by-step instructions for an AI agent or practitioner working on system field questions: 1. **Identify the use case** — Determine whether the practitioner needs delta sync, data migration, soft-delete recovery, or general field understanding. 2. **Check field semantics** — Confirm which system field applies. Use SystemModstamp for any query where completeness matters; use LastModifiedDate only for human-attribution display. 3. **Verify org permissions** — If data migration with audit field override is needed, confirm Create Audit Fields is enabled at the org level and the user has the corresponding user permission. 4. **Write or review the SOQL** — Ensure delta sync queries filter on SystemModstamp (not LastModifiedDate). Ensure soft-delete queries include `ALL ROWS`. Verify ORDER BY for resumable processing. 5. **Test in a sandbox** — Trigger a workflow field update on a record, then compare SystemModstamp vs. LastModifiedDate to confirm they diverge as expected. Test Create Audit Fields with a sample insert. 6. **Document the watermark strategy** — For delta sync, document where the high-watermark is stored, how failures are handled, and the expected sync frequency. --- ## Review Checklist Run through these before marking work in this area complete: - [ ] Delta sync queries use SystemModstamp, not LastModifiedDate - [ ] Soft-delete recovery queries use ALL ROWS (SOQL) or queryAll (REST) - [ ] Create Audit Fields permission is confirmed enabled before migration insert - [ ] The migrating user has the "Set Audit Fields upon Record Creation" user permission - [ ] Audit field values are included only in insert operations, not updates - [ ] Watermark / checkpoint strategy is documented for incremental sync - [ ] Recycle Bin retention window (15 days) is accounted for in recovery plans --- ## Salesforce-Specific Gotchas Non-obvious platform behaviors that cause real production problems: 1. **SystemModstamp updates silently on formula recalculations** — If a formula field references a parent record's field and that parent changes, the child's SystemModstamp may update without any direct change to the child record. This inflates delta sync volumes. 2. **Create Audit Fields works on insert only** — Attempting to update CreatedDate or CreatedById on an existing record via DML silently fails or throws an error depending on context. There is no supported way to change these fields after record creation. 3. **ALL ROWS includes archived records** — On objects with archiving enabled, `ALL ROWS` returns both soft-deleted and archived records. If you only want Recycle Bin items, add `IsDeleted = true` as an explicit filter. 4. **LastModifiedDate is not indexed** — Filtering SOQL queries by `LastModifiedDate >` will result in a full table scan on large objects. SystemModstamp is the indexed alternative. 5. **Bulk API queryAll behaves differently** — The Bulk API uses the `queryAll` operation to include deleted/archived records. The syntax differs from REST API's `/queryAll/` endpoint — consult the Bulk API documentation for the correct job configuration. --- ## Output Artifacts | Artifact | Description | |---|---| | Field selection recommendation | Which system field to use for the practitioner's specific use case with rationale | | Delta sync SOQL template | Ready-to-use query with SystemModstamp filter and ORDER BY for resumable sync | | Create Audit Fields enablement checklist | Steps to enable the permission, assign to users, and validate with test insert | | Soft-delete recovery query | ALL ROWS query template for identifying and recovering deleted records | --- ## Related Skills - `field-history-tracking` — Use when you need to track individual field value changes over time, not just the last modification timestamp. - `field-audit-trail` — Use when compliance requires retaining field change history beyond 18 months (Shield Field Audit Trail). - `data-migration-planning` — Use for end-to-end migration planning including Create Audit Fields as one component. - `soql-query-optimization` — Use for broader SOQL performance guidance beyond system field indexing. --- ## Official Sources Used - Object Reference: System Fields — https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/system_fields.htm - Help: Set Audit Fields upon Record Creation — https://help.salesforce.com/s/articleView?id=sf.enable_set_audit_fields.htm - REST API Developer Guide: queryAll — https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/dome_queryall.htm - SOQL Reference: ALL ROWS — https://developer.salesforce.com/docs/atlas.en-us.soql_sosl.meta/soql_sosl/sforce_api_calls_soql_select_all_rows.htm
Related Skills
guest-user-security-audit
Auditing the security posture of an Experience Cloud (Community) site's Guest User. Covers the post-Spring '21 secure-by-default lockdown (object permissions removed, sharing rule grants required for any access), the Guest User profile permissions to remove (View All Data, Modify All Data, Manage Users, etc.), guest sharing rules, the Run-As-Guest test, OWASP A01 (Broken Access Control) mapping, and the standard set of leakage vectors (Apex with `without sharing`, Aura / LWC `@AuraEnabled` methods, public-site Visualforce, REST endpoints under `/services/apexrest`). NOT for Experience Cloud authenticated user setup (see experience/experience-cloud-user-management), NOT for general Salesforce profile design (see admin/profile-permset-design).
field-audit-trail
Salesforce Shield Field Audit Trail: configuration, retention policies, querying archived field data, compliance requirements. NOT for field history tracking (use field-history-tracking).
encrypted-field-query-patterns
Design SOQL, filters, reporting, and indexes against Shield Platform Encryption fields. Trigger keywords: Shield Platform Encryption, encrypted field query, probabilistic vs deterministic encryption, encrypted SOQL filter, encrypted field index. Does NOT cover: Classic Encryption (deprecated), field-level security policy, or tenant secret key rotation.
omnistudio-field-mapping-governance
Govern DataRaptor field mappings to prevent runtime errors when source metadata changes: naming, versioning, and dependency tracking. NOT for DataRaptor authoring fundamentals.
field-history-tracking
Use when enabling, configuring, or querying Salesforce field history tracking to audit changes to field values over time. Covers enabling tracking on objects and fields, the 20-field-per-object limit, 18-month data retention, querying standard History sObjects (AccountHistory, OpportunityHistory, custom __History), and troubleshooting missing records. NOT for Event Monitoring (use security skills), NOT for Shield Field Audit Trail or FieldHistoryArchive (use field-audit-trail).
formula-field-performance-and-limits
Use when diagnosing SOQL performance problems caused by formula fields, hitting formula compile-size limits, or deciding whether to replace a formula field with a stored field for indexing. Triggers: 'formula field slowing SOQL', 'compile size limit', 'cross-object formula spanning limit', 'formula field not indexable', 'LDV query full table scan', 'SOQL WHERE on formula'. NOT for formula syntax help, building formula expressions, or authoring new formulas from scratch — use admin/formula-fields for that.
field-level-security-in-async-contexts
Use when async Apex (Queueable, Batch, Schedulable, @future) needs to honor the originating user's field-level security but the framework runs the job in a different security context than the user who initiated it. Triggers: 'fls bypassed in batch apex', 'queueable runs as wrong user', 'stripInaccessible in async returns full record', 'WITH USER_MODE evaluating against system user', 'scheduled apex sees fields the original user could not'. NOT for synchronous FLS enforcement (use apex-stripinaccessible-and-fls-enforcement) or for the with/without sharing decision (use apex-with-without-sharing-decision).
apex-system-runas
System.runAs in Apex tests: user-context impersonation, mixed-DML workaround, profile/permission testing, sharing verification, FLS NOT enforced, runAs nesting limits. NOT for general test setup (use apex-test-setup-patterns). NOT for WITH USER_MODE SOQL (use apex-user-mode-patterns).
picklist-field-integrity-issues
Use when picklist data quality has degraded: unrestricted picklists accepting garbage API values, dependent picklist relationships bypassed by integrations, record type picklist value mappings drifting out of sync, or orphaned values appearing in reports. NOT for initial picklist creation or Global Value Set design (use picklist-and-value-sets), NOT for record type configuration itself (use record-types-and-page-layouts).
formula-fields
Use when designing, reviewing, or troubleshooting Salesforce formula fields. Triggers: 'formula field', 'cross-object formula', 'null handling', 'compile size', 'HYPERLINK', 'IMAGE', 'why is formula slow'. NOT for save-time validation or persisted values - use validation rules, Flow, or real fields for that.
field-dependency-and-controlling
Dependent picklists in Salesforce: controlling field (picklist or checkbox), dependent picklist, valueSettings matrix in metadata, API behavior via SOAP/REST, LWC lightning-combobox with dependency. NOT for record types (use admin/record-types). NOT for validation rules.
custom-field-creation
Use when creating a new custom field on any Salesforce object: choosing field type, setting API name, configuring Field-Level Security, adding to page layouts, and deploying. Triggers: 'add a field', 'new custom field', 'what field type should I use', 'FLS not working', 'field not showing on page layout'. NOT for formula field logic (use formula-fields skill), picklist value set management (use picklist-and-value-sets skill), or object creation decisions (use object-creation-and-design skill).