Data Governance Considerations
Before you begin, it’s important to review supported features and considerations for using data governance features in Data 360.
Supported Features
Data governance tags and policies are supported in these Data 360 features.
- Data Cloud One: Data governance supports consistent tagging and policy management across both home and companion orgs. See Tagging and Policy Management in Data Cloud One.
- DevOps Data Kits: You can include tags in a DevOps data kit, packaging them along with their associated standard and custom data model objects (DMOs), and merge them from a sandbox into a production org. This ensures consistent tagging across development and production environments. See Data Kits and Data 360 in a Sandbox.
- Data 360 Sandbox: You can include tags in your sandbox environment and merge them into your production org, ensuring consistent tagging across development and production.
General Considerations
- Assigning a data space through a permission set doesn’t automatically give users access to the data.
- Data 360 provides an Allow All policy (also known as a day zero policy) out of the box for both existing and new orgs.
- Admins need to delete the default Allow All policy to enable granular access control based on specific access requirements.
- Access to data in the data space is restricted unless a policy explicitly allows it.
- Row-level security policies are applied to queries. After a query passes the security checks for the objects and fields that it accesses, the row-level policy is applied to determine access.
- If row-level allow policies are created for an object, access to the data is limited to only those users who have a row-level allow policy.
Creating Data Access Policies
These guidelines ensure that you can control data access in Data 360 based on defined policies.
- An Allow Policy:
  - Grants the logged-in user read access to data and edit access to metadata for a resource, such as an object or a field.
  - Grants access to all fields and records on the objects specified in the grant.
- A Deny Policy:
  - Overrides all access, except for users with View All Records (VAR)/Modify All Records (MAR) permission, who can bypass these restrictions.
  - Denies the logged-in user access to the resource.
- If multiple policies apply to the same user, resource, and action, a deny policy takes precedence and denies access if it conflicts with any allow policy.
- Writing field-level deny policies that affect Primary Key and Fully Qualified Key fields can lead to unexpected results and isn't recommended.
Impact of Custom Permissions on Policies
Custom permissions in Data 360 play a key role in determining how a policy is applied. You can assign them to users through custom permission sets or profiles to act as user attributes within the policy builder.
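The precedence rules listed under Creating Data Access Policies and General Considerations, as an added Python model that is not Salesforce code or a Data 360 API. `Policy`, `can_read` and `audit` are hypothetical names, the sample users and objects are constructed, and the model assumes that a VAR/MAR holder who bypasses a deny policy still needs an allow policy, which the page does not state.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    effect: str            # "allow" or "deny"
    resource: str          # object name, or "*" for every resource
    principals: frozenset  # user names, or {"*"} for every user

# Constructed stand-in for the out-of-the-box Allow All (day zero) policy.
ALLOW_ALL = Policy("allow", "*", frozenset({"*"}))

# Constructed sample policy set: the default plus one allow and one deny.
POLICIES = [
    ALLOW_ALL,
    Policy("allow", "Individual", frozenset({"ana"})),
    Policy("deny", "Individual", frozenset({"raj"})),
]

def _matches(policy, user, resource):
    return (policy.resource in ("*", resource)
            and ("*" in policy.principals or user in policy.principals))

def can_read(policies, user, resource, has_var_mar=False):
    """Return (decision, reason) for one user and one resource."""
    hits = [p for p in policies if _matches(p, user, resource)]
    denied = any(p.effect == "deny" for p in hits)
    allowed = any(p.effect == "allow" for p in hits)
    # A deny policy wins over any conflicting allow policy,
    # unless the user holds VAR/MAR and bypasses the deny.
    if denied and not has_var_mar:
        return False, "deny policy takes precedence"
    # Assumption: bypassing a deny does not by itself grant access.
    if allowed:
        return True, "deny bypassed by VAR/MAR" if denied else "allow policy"
    # Access is restricted unless a policy explicitly allows it.
    return False, "no policy explicitly allows access"

def audit(policies, users, resources):
    """List (user, resource) pairs readable only because of Allow All."""
    without = [p for p in policies if p != ALLOW_ALL]
    return sorted((u, r) for u in users for r in resources
                  if can_read(policies, u, r)[0]
                  and not can_read(without, u, r)[0])

if __name__ == "__main__":
    for pair in audit(POLICIES, ["ana", "lee", "raj"], ["Individual", "Order"]):
        print("lost when Allow All is deleted:", pair)
```

Running `audit` before deleting the default policy shows which users currently depend on it and would need an explicit allow policy afterwards.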

