Enabling Salesforce Customer Admins to Manage and Protect their User Data

60% of Salesforce customers recognize that building a comprehensive customer profile is to bring all their customer data together into a single source of truth. I led the user experience to enable customers to manage their data from different data sources into one platform and defined access control to protect data usage.

Why this mattered

Customers needed logical boundaries to organize data, maintain governance, and control access across diverse business units and external sources. While Data Cloud, a platform applcation allows for managing, analyzing, and storing enterprise data, customers needed more than raw scale

But as adoption expanded across multiple brands, regions, and business units, the absence of logical boundaries created risks:

  • Data sprawl that made it difficult to manage ownership.

  • Compliance gaps when sensitive data lacked consistent governance.

  • Admin frustration from not knowing who should access what.

Failing to solve this challenge could undermine confidence in Data Cloud and ultimately lead to declining adoption.

Existing user research highlights that the current state of access control for distributed data is fundamentally challenging.

Leading the Data Space initative

In early 2022, the Data Cloud team launched an initiative to define an authorization mechanism for admins to grant end-users access to any relevant data to their role and business needs.

Designing Data Spaces wasn’t just about creating admin workflows, it required deep alignment across multiple product clouds, UX teams, and engineering architects. As the lead designer for User Access, I was responsible for driving the end-to-end experience effort.

What I did:

  • Drove cross-cloud alignment by establishing a shared vocabulary, personas, and task flows.

  • Framed Data Spaces as a platform-wide capability, not a siloed feature, ensuring reusability across Salesforce.

  • Led the UX direction for layered access controls, balancing data democratization with compliance needs.

  • Guided proof of concept work to validate both the scalability of Data Spaces and the usability of admin/end-user experiences.

The D360 Access Control vision brought together cross-functional teams, with some established ahead of the kickoff and others emerging as we refined the problem space.

In my role as a lead designer, I worked across product clouds and with engineering leadership to co-develop the strategy, vision, and roadmap for the future of this product area, while also driving clarity on the short-term experience.

From fragmented views to shared understanding

My discovery work spanned both user research and organizational alignment.

With the research and insights team, I defined personas and mapped the Job To Be Done lifecycle across planning, implementation, and maintenance of user access. Alongside this, I held one-on-one sessions with product and engineering leaders, uncovering misaligned definitions, divergent workflows, and untested assumptions. By combining user evidence with stakeholder perspectives, I built a holistic understanding of the problem space that guided both short-term design priorities and the long-term access control vision.

We identified these roles as key personas, managing and comsuning different asepct of access control

A recurring debate centered on why we needed to build yet another access control capability when so many already existed. To address this, I mapped the functionalities of Salesforce’s key access control systems and to clarify overlaps.

The high-level flow focuses on user access control touchpoints supported by different workstreams.

Goals for the Data Spaces Initiative

  • Enable scalable data organization for enterprises to organize data across multi-brand, multi-geo, and multi-department use cases. Provide a consistent admin experience for managing data structures across all Salesforce Clouds.

  • Deliver fine-grained data permissions allowing admins to control access at every level, providing both security and flexibility.

  • Establish Data Spaces as a common model for data management and permissions across Salesforce products, ensuring consistency and reuse instead of siloed solutions.

The Relationship Between Data Sources, Data Spaces, and Permission Sets across different personas

The flow demonstrates how integrating Data Spaces with Permission Sets streamlines complexity into a scalable model, balancing two critical needs: giving users the right data at the right time while safeguarding sensitive information for the business.

Based on Data Spaces, roles, and profiles, business users only see the data relevant to their responsibilities. For example, in the image above, Service Agents can access a customer’s full profile within the brand-specific Data Space they’ve been granted.

The Data Spaces pilot launched in July 2022, giving users a way to organize data and assign it within one Data Cloud instance. Over the next two years, the capability scaled to support a multi-org scope, giving companion orgs shared access to unified data avoiding the cost and complexity of provisioning a Data Cloud in each org. Data Spaces became generally available in March 2024.

Lessons learned

  • Find out who the “knowledge keepers” are. Sometimes, there are team members whose knowledge about a specific topic goes beyond their company title. These people’s opinions matter across stakeholders because they can advocate for the best user experience with you, which could be an advantage for your design proposal at every stage of the design process.

  • Design based on the ideal but gradually incorporate the constraints that will limit your designs. But don’t get too attached, don’t expect your vision to be implemented. Be ready to break it and adjust it for multiple releases.

  • Designers need to understand the environment, priorities, relationships, and processes within the company that they worked for to frame their work in a language that everyone in that context can comprehend to accomplish results.

Data Spaces as the Foundation for Trusted AI-driven experiences for Agentforce

Data Spaces are more than just an organizational tool, they are the architectural backbone that equips AI agents with the trusted, grounded knowledge required to deliver accurate, secure, and context-rich customer experiences. This capability is fundamentally integrated into all Agentforce applications, serving as the single, secure source of proprietary data.

Agents interact with trusted, context-rich insights because Data Spaces ground their responses in governed, relevant data tailored to their role and business need.

The Agentforce Data Library is the foundational data source that powers AI agents. But it's not a generic data store, it's a secure, curated knowledge base whose contents are defined by Data Spaces.

When defining retrievers, the engine that finds the information, it is the Data Space that tells the retriever exactly where it's allowed to look. Together, they form the foundation for a safe and trustworthy AI experience.