Scenario :
We are building a Visualforce page for creating a case. Now there are fields in case which are read only for all profiles except System Adminstrator. I need the user to enter the value for this field and so I created my page with a controller and not a standard controller. Also in my controller we have added the modifier as without sharing.

Now when we log in through another user, we still see the field as read only on the page. However from the controller we are able to insert value or update the field. It seems to me that the page is running in User mode following the user profile permissions and field level security while the controller is running in Sytem mode. Is this the intended behaviour or are we missing something

Following are few of the possible solutions….

Solution 1

It is an intented behaviour, If the fields rendered on the page is strongly binded (i.e Value = {!ObjectName.Fieldname}).
Why not create input/HTML fields and bind them using getter setter method (i.e you take input in a normal text field and bind it to the actual field in the controller). As these input Html fields are not binded to an object these fields will be editable regardless of profiles.

Solution 2

Create a Custom Object and assign permissions to this object to all profiles. Now render fields of that custom object, but in your controller don’t insert this custom object. Insert the actual records.
Use this custom object to generate the lookups and date pickers
The controller will be standard controller of this custom object with extensions.
So this object is used just to render fields ….

Solution 3

Make the fields read only at the page layout level and not at the profile level.