You are here:
Data 360 Governance Mergeback with DevOps Data Kits
Use sandboxes to develop and validate your data governance strategy, and then deploy them to production. DevOps data kits move governance metadata between environments and maintain a consistent security posture.
Data 360 provides two data kit types.
- DevOps data kits: Used for sandbox-to-production mergeback between linked environments.
- Standard data kits: Used for packaging and deployment across orgs.
Governance Metadata in Mergeback
Mergeback moves metadata that controls access to your data.
- Tag assignments identify and classify data model objects (DMOs), data lake objects (DLOs), and calculated insight objects (CIOs).
- Governance policies control access to data and protect it.
- Record-level security (RLS) controls access to records. Use DevOps data kits to deploy governance components to the target org.
- Field-level security (FLS) controls access to fields.
- Object-level security (OLS) controls access to objects.
- Structured masking policies protect sensitive data.
Data Governance Support for Mergeback
Mergeback supports these data governance features.
- Assigning standard tags to Data 360 objects
- Applying governance policies based on standard tags, including:
- RLS policies
- FLS policies
- Object-level structured masking policies
DevOps Data Kit Deployment Model for Governance
DevOps data kits group governance components and deploy them to the target org.
- Capture relationships between governance policies and Data 360 objects.
- Use built-in deployment mechanisms, including change sets.
- Add data assets such as DMOs or DLOs to a DevOps data kit. Associated governance policies and tag assignments are included automatically.
You can’t add policies or tag assignments to a data kit on their own.
Note For RLS with joins, make sure all referenced objects exist in the target org or deploy
them using DevOps data kits before activating the policy.
Unsupported Governance Capabilities in Mergeback
Mergeback doesn’t support:
- Creating custom tags in a sandbox and deploying them to production
- Assigning custom tags through mergeback
- Applying policies based on custom tags
- Applying policies that combine standard and custom tags
- Using custom tags during mergeback, even if they exist in the target org
- Unstructured data masking policies
- RLS hierarchy operator policies
- Deleting governance metadata during mergeback
Governance Mergeback Deployment Considerations
When planning your migration, consider these specific behaviors.
- Linked orgs: Deploy between related environments such as sandbox-to-production or sandbox-to-sandbox.
- Deletion not supported: Removing a policy or tag assignment in a sandbox doesn’t remove it from the target org.
- CLI not supported: Salesforce CLI doesn’t support governance policy deployment.
- System tags: Don’t modify system-defined tag taxonomy or tags. Salesforce manages them to maintain data integrity.
- Transaction limits: Large deployments may require batching.
- Deploy Data 360 Governance Policies with DevOps Data Kits
Migrate your data governance policies from sandbox to production orgs using DevOps data kits. This approach maintains consistency and reduces manual errors.
Did this article solve your issue?
Let us know so we can improve!
