Loading

Learn about Data 360 Data Governance

Veröffentlichungsdatum: Jan 7, 2026
Beschreibung

What is Data 360 Governance?

Data 360 Governance provides a robust framework for securing and managing data through tags, classifications, user attributes, and policy-based governance. It ensures the right users have access to the right data under the right conditions.

 

Release Material:

Lösung

Access Control for Data 360 Governance

How does access control work for Data 360?

  • Access control for Data 360 is implemented through Attribute-Based Access Control (ABAC) and includes Object-Level Security (OLS), Field-Level Security (FLS), and Row-Level Security (RLS).

Data 360 offers granular access control at multiple levels:

  • Data Spaces (Macro Level): Provide logical separation of data without needing multiple orgs, allowing for segregation by brand, business unit, and region. They define the broad scope of data visibility.
  • Object-Level Security (OLS): Controls access to entire data objects (e.g., Data Lake Objects, Data Model Objects, Calculated Insight Objects).
  • Field-Level Security (FLS): Controls access to individual fields within an object (e.g., hiding a credit card number field).
  • Record-Level Security (RLS): Controls access to specific rows (records) within an object, potentially based on user attributes or data values. RLS with joins allows referencing external tables for more dynamic conditions.
  • Dynamic Data Masking: Obfuscates sensitive information at query time without altering the underlying data, protecting fields based on user context or policy rules (e.g., redaction, nullification, rounding).

What is the impact of Data 360 Governance on existing and new Data 360 organizations?

  • Existing Orgs: For existing Data 360 organizations, a "Day 0 'Allow All'" policy is created out-of-the-box to ensure backward compatibility and zero disruption, meaning apps continue to function as-is. However, to enable granular policies, administrators must explicitly delete this default "Allow All" policy.
  • New Orgs: New Data 360 orgs also begin with the same "Allow All" policy by default, allowing users to explore their data model before enabling stricter access controls.

 

Data Spaces and Governance

How do Data Spaces relate to governance?

  • Data Spaces allow administrators to create logical partitions to organize data for profile unification, insights, and marketing. There is a limit of 50 data spaces per org.

Can we use both Data Spaces and Governance features?

  • Yes, you can use both. While Data Spaces provide physical separation, governance features offer more granular control through policies and tags.

 

FAQ

 

QuestionAnswer
Governance is enabled, but I still don’t see the "Data Governance" tab. What should I check?

User permissions to provide access:

  • Go to Setup → Users
  • Find the user → Permission Set Assignments → Edit
  • Assign Data 360 Architect (formerly Data 360 Admin) → Save

Add Data Governance to the nav bar

  • Go to Data 360 App
  • Click Edit nav bar icon
  • If Data Governance is not shown then → Add more items → Add Data Governance
I created a new org with Data Governance enabled, but I can't query Data 360 objects. Why?New orgs start with a Day 0 Allow All policy by default. Access is denied if this policy has been deleted or if no active governance policy applies to the user. At least one active policy must grant access to query Data 360 objects.
Is there a way to attach a tag to multiple Data Lake Objects (DLOs) at once?

At the moment, there's no option to tag multiple DLOs in one go. Each object needs to be tagged individually. Note: This could be a helpful feature for users who want to apply the same tag across several objects quickly, especially when setting up allow/deny policies.

In the Tagging Manager tab, DLOs are not categorized by Data Space, making it difficult to locate objects belonging to a specific Data Space. Is there a way to filter or organize them accordingly?

DLOs are accessible regardless of the Data Space they are associated with, which is why Data Space-based filtering is not applied in the Data Governance tab. For DMOs and CIOs, Data Space level filtering support is present.

Does the Data Governance module offer REST API endpoints to attach tags programmatically?

Yes, the Data Governance module provides REST APIs for annotation creation and annotation assignment.

In the “Data Lake Objects” tab of the Data 360 UI, is there an option to filter or list objects based on assigned tags?

Not within the “Data Lake Objects” tab itself. However, you can navigate to the “Tags” tab in the Data Governance section to view all objects associated with a specific tag. Screenshot attached for reference.

Is there any monitoring capability to view which objects are controlled by which policies without having to open each policy individually?

There isn’t a direct way to view policy coverage at the object level. But you can use the Tag Manager to identify tags assigned to a specific object. Then, in the "Tags" list view, check the "Policy Count" associated with each tag to infer which policies are linked to that object.

 

 

 

Nummer des Knowledge-Artikels

005103350

 
Laden
Salesforce Help | Article