Salesforce Data 360 introduces a set of metadata types that allow teams to manage their data model, insights, and segmentation. To deploy these metadata components successfully, specific Salesforce permissions and Data 360 setup steps are required.
This document outlines the minimum permissions, recommended permission sets, and environment prerequisites.
User Permissions for Metadata Deployment
The user performing the deployment (often an Integration User or System Administrator) must have the following core permissions enabled on their Profile or an assigned Permission Set:
| Permission Name | Category | Purpose |
| --- | --- | --- |
| API Enabled | Administrative | Required to access the Metadata API, which all modern deployment tools utilize. |
| View Setup and Configuration | Administrative | Required to retrieve and view metadata components in the setup environment. |
| Modify Metadata Through Metadata API Functions | Administrative | Required for deploying metadata changes. This ensures the user has permission to write and modify configuration components. |
| Customize Application | Administrative | Often a dependency for other key metadata permissions. |
| Data 360 Admin (or Data 360 Marketing Admin) | License/User | The user must be assigned the relevant Data 360 Admin Permission Set License and the corresponding Data 360 Admin Permission Set to manage core Data 360 configurations. |
Permissions for Data Ingestion (Source Org Access)
If the Data 360 components being deployed include Data Streams that connect to a Salesforce org (the source), the user running the Data 360 Salesforce Connector must have adequate access to read the source data.
This is typically handled by the dedicated Data 360 Salesforce Connector Integration Permission Set in the source org. This Permission Set must be configured with:
Object Permissions: Read and View All Records access on every custom and standard object being ingested.
Field Permissions: Read Access enabled for every field on the ingested objects that is mapped into Data 360.
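One way to check a connector Permission Set against the two requirements above before a deployment, as an added example (not Salesforce tooling and not code from this page). It assumes the Permission Set has been retrieved as Metadata API XML; the sample file, object names and field names are constructed, and reporting write access as excess is this example's own least-privilege assumption.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}

# Constructed sample of a retrieved permission set file (not from a real org).
SAMPLE_PERMSET = """<PermissionSet xmlns="http://soap.sforce.com/2006/04/metadata">
    <objectPermissions>
        <allowCreate>false</allowCreate><allowDelete>false</allowDelete>
        <allowEdit>true</allowEdit><allowRead>true</allowRead>
        <modifyAllRecords>false</modifyAllRecords>
        <object>Account</object><viewAllRecords>true</viewAllRecords>
    </objectPermissions>
    <objectPermissions>
        <allowRead>true</allowRead>
        <object>Contact</object><viewAllRecords>false</viewAllRecords>
    </objectPermissions>
    <fieldPermissions>
        <editable>false</editable><field>Account.Industry</field><readable>true</readable>
    </fieldPermissions>
</PermissionSet>"""

# Assumption of this example: a read-only connector should hold none of these.
WRITE_FLAGS = ("allowCreate", "allowEdit", "allowDelete", "modifyAllRecords")

def _flag(node, name):
    """True when the child element <name> is present and set to 'true'."""
    return node.findtext(f"md:{name}", default="false", namespaces=NS).strip() == "true"

def audit_connector_permset(xml_text, ingested_objects, mapped_fields):
    """Return sorted findings: read access that is missing, write access that is extra."""
    root = ET.fromstring(xml_text)
    objs = {o.findtext("md:object", namespaces=NS): o for o in root.findall("md:objectPermissions", NS)}
    flds = {f.findtext("md:field", namespaces=NS): f for f in root.findall("md:fieldPermissions", NS)}
    findings = []
    for name in ingested_objects:  # Read and View All Records on each ingested object
        for need in ("allowRead", "viewAllRecords"):
            if name not in objs or not _flag(objs[name], need):
                findings.append(f"MISSING {name}.{need}")
    for name in mapped_fields:     # Read access on each mapped field
        if name not in flds or not _flag(flds[name], "readable"):
            findings.append(f"MISSING {name}.readable")
    for name, node in objs.items():
        findings += [f"EXCESS {name}.{w}" for w in WRITE_FLAGS if _flag(node, w)]
    findings += [f"EXCESS {n}.editable" for n, f in flds.items() if _flag(f, "editable")]
    return sorted(findings)

if __name__ == "__main__":
    fields = ["Account.Industry", "Contact.Email"]
    print("\n".join(audit_connector_permset(SAMPLE_PERMSET, ["Account", "Contact"], fields)))
```

A `MISSING` finding means ingestion of that object or field would fail the access requirement; an `EXCESS` finding is a grant the requirement does not call for and is worth reviewing before the Permission Set is assigned to the integration user.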
Deployment Best Practices for Data 360
Data 360 deployments involve moving specialized metadata types and require specific considerations:
1. Use Permission Sets over Profiles
Due to the strict and sometimes incompatible deployment rules for Data 360 permissions via the Metadata API (especially for components like Datastream, DataStreamDefinition, etc.), it is strongly recommended to manage all Data 360-related user access using Permission Sets and Permission Set Groups. Many Data 360 permissions cannot be deployed on a Profile.
2. Utilize Data Kits (DevOps Data Kits)
Salesforce encourages using DevOps Data Kits for complex Data 360 deployments. A Data Kit bundles all related metadata (Data Streams, DMOs, Calculated Insights, Segments) and tracks the necessary deployment sequence, significantly reducing dependency errors.
3. Manual Prerequisite: Data Spaces
The Metadata API cannot deploy Data Space definitions. Before deploying any metadata that belongs to a Data Space:
Ensure the target Data 360 org has the exact same Data Space created manually.
Ensure the Data Space prefix is identical in both the source and target environments.
4. Critical Deployment Sequence
Data 360 components have strict dependencies. While Data Kits manage this automatically, if deploying manually, you must follow the correct sequence:
Data Streams (Source connections)
Data Model Objects (DMOs)
Identity Resolution Rules
Calculated Insights (must deploy DMOs first)
Segments (must deploy DMOs and CIs first)
Activations (must deploy Segments first)
