Set Object and Record Access Policies for Agentforce Coworker (Beta)
Agentforce Coworker automatically applies default data access policies to supported data sources such as Google Drive and SharePoint when you connect them. When you connect Slack to Salesforce, users can access only the Slack data in Salesforce that they have permission to view in Slack. To control which records and objects users see in search results, set object- and record-level data governance policies.
| REQUIRED EDITIONS | |
|---|---|
| Available in: Enterprise, Unlimited, Agentforce 1 Editions | |
| USER ROLES NEEDED | |
| To configure Agentforce Coworker: | Data 360 Admin or Data 360 Architect |
| To access the Data Governance tab: | Data 360 Architect |
| USER PERMISSIONS NEEDED | |
| To use Agentforce Coworker: | Access_Ai_Search Permission Set Group, AI Search Permission Set License |
| To configure Agentforce Coworker: | Agentforce Coworker Admin Permission Set, AI Search Setup Permission Set License |
- In Salesforce, go to Data 360 via the App Launcher.
- Click the Data Governance tab.
- Click Policies in the sidebar.
- To grant object-level access, create two new policies that grant access to the Search Query and Record View DMOs to all users with Agentforce Coworker permission set groups and permission set licenses.
- To restrict record-level access, create four policies for the DLOs and DMOs listed here. Define each policy rule to deny access to records where the Individual field doesn't match the current user ID.
- Record View DLO
- Record View DMO
- Search Query DLO
- Search Query DMO
Add additional policies for any new DMOs created from Record View DLO or Search Query DLO.