Loading
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Set Up Data Governance for Contract Search

            You are here:

            1. Salesforce Help
            2. Docs
            3. Salesforce Contracts

            Set Up Data Governance for Contract Search

            Use Data Governance in Data Cloud to secure access to contract document chunks used in vector search. Configure a custom permission to make sure that only authorized access is granted to contract-related data. This setup is optional and required only if you want to replicate your object-level security configurations from the core to Data Cloud.

            Required Editions

            Note
            Note Most of the setup steps for Contract Search data governance in home and companion orgs are the same whether you configure manually or through the prebuilt data kit. The only differences are in how you tag the data lake objects (DLOs) and data model objects (DMOs). Salesforce recommends setting up Contract Search by deploying the Contract Document data kit. See Set Up Contract Search By Using Prebuilt Data Kit.
            Available in: Lightning Experience
            Available in: Professional, Enterprise, Unlimited, and Developer editions.
            User Permissions Needed
            To set up data governance:

            Data Cloud Architect [Home Org]

            OR

            Data Cloud One [Companion Org]

            AND

            CLM Admin User

            AND

            Contracts AI User
            Note
            Note To use Data Governance features, grant permissions to the listed objects per your chosen policy according to Assign Data Access. If you have more than one data space, you must grant access to objects in each data space. Object names in non default data spaces follow the convention of <DataSpace Prefix>_<Object Name>.
            1. Create a custom permission.
              1. In Setup, find and select Custom Permissions.
              2. Click New.
              3. Enter AllowContractSearch as the label.
              4. Leave the remaining fields blank.
              5. Save your changes.
            2. Create a custom permission set.
              1. In Setup, find and select Permission Sets.
              2. Click New.
              3. Enter Label as AllowContractSearchPermSet.
              4. Leave the remaining fields blank.
              5. Save your changes.
            3. Assign the custom permission to the permission set.
              1. Open AllowContractSearchPermSet.
              2. In the Apps section, click Custom Permissions.
              3. Click Edit and move the AllowContractSearch permission from Available Custom Permissions to Enabled Custom Permissions.
              4. Save your changes.
            4. Assign the Contract Search permission set to the integration user.
              1. In Setup, find and select Users.
              2. Click Integration User.
              3. In the Permission Set Assignments section, click Edit Assignments.
              4. Move AllowContractSearchPermSet from Available Permission Sets to Enabled Permission Sets.
              5. Save your changes.
              Note
              Note Similarly, assign the permission set to other Data Cloud Architect users who need access to contract-related DLOs and DMOs.
            5. Delete the default All Data Access policy.
              Note
              Note This step is required for the existing orgs but not for the new orgs.
              1. In App Launcher, find and select Data Governance.
              2. From the left panel, click Policies.
              3. Click the more actions icon, and then select Delete.
              4. Click Delete.
            6. Create a tag for Contract Search.
              1. From the left panel, click Tags.
              2. Click New.
              3. Enter the tag name as Contract Search Tag.
              4. Click Next and save your changes.
            7. Assign the tag to Contract Search DLOs and DMOs.
              1. In the Tags page, click Tagging Manager.
              2. By default, Data Lake Objects is selected in the dropdown. Tag the required DLOs first, then switch to Data Model Objects and tag the required DMOs.
              3. In the Data Space dropdown, select the appropriate data space.
              4. In the object list, click the name of the object (for example, ContentDocument).
              5. Click Attach New Tag.
              6. In the search box, enter and select Contract_Search_Tag.
              7. Select the Add these tags to <object name> checkbox.
              8. Save your changes.
              9. Similarly, assign the tag to each object.
                The Contract Document chunk and index DLOs and DMOs that you tag for Contract Search differ slightly between manual and prebuilt data kit setups. You don't need to create DLOs for Companion orgs. Only tag the DMO tags as described for both Home and Companion org.
                Data Lake Object (DLO) Data Model Object (DMO)
                ContractDocVerContentDoc Contract Doc Version Content Doc
                ContractDocumentVersion Contract Document Version
                • Data kit setup: Contract Document Search chunk
                • Manual setup: Contract Document Version chunk
                • Data kit setup: Contract Document Search chunk
                • Manual setup: Contract Document Version chunk
                • Data kit setup: Contract Document Search index
                • Manual setup: Contract Document Version index
                • Data kit setup: Contract Document Search index
                • Manual setup: Contract Document Version index

                After tagging all required DLOs, switch the dropdown to Data Model Objects and tag the corresponding DMOs.

              10. Click Done.
            8. Create an access policy for the tagged DMOs
              1. From the left panel, click Policies.
              2. Click New, and then click Next.
              3. In the new tab, enter the policy name as AllowContractSearchAccess.
              4. Set the policy name: AllowContractSearchAccess.
              5. Click Next.
              6. Set these values:
                Field Value
                Resource Object
                Action Allow Access
                Variable Tag
                Operator Is In
                Value Contract Search Tag
              7. From the left panel, click the Users icon.
              8. Set these values:
                Field Value
                Take Action On All users who meet all conditions (AND)
                Variable Assigned Permission
                Operator Is In
                Value AllowContractSearch
              9. Click Save and Activate.
             
            Loading
            Salesforce Help | Article