Allow field deletion on SaaS datasets

[Linker44]

Ticket ENG-2247

Description Of Changes

Previously if a customer deleted a field (that was not added by them) from the dataset our merge logic would revert that change. This was because we didnt want customers breaking their configuration since many dataset fields are referenced in the saas config and are needed for traversal.

On merge logic we now iterate through the whole saas_config and grab any dataset reference we can find. This is later used as a safeguard to prevent deletion of "protected fields". Customers are now able to delete any field as long as its not protected.

Code Changes

• added logic to preserve fields that are referenced in saas config upon customer deletion of the dataset field

Steps to Confirm

1. Set up a SaaS integration.
2. use the endpoint /api/v1/connector-templates/{connector_template_type}/config to see the saas config.
3. use the endpoint /api/v1/connection/{connection_key}/dataset to edit the dataset, delete a field that is used as dataset reference on the saas config, delete a field that isnt referenced by the saas config.
4. bump the version of the config in your codebase to trigger an integration update.
5. verify using the rest api or DBM to verify that the field referenced in the saas config was preserved on the dataset and the other one was deleted.

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ignored	Preview	Feb 3, 2026 5:55pm
fides-privacy-center	Ignored		Feb 3, 2026 5:55pm

[greptile-apps]

Greptile Overview

Greptile Summary

This PR implements field deletion preservation for SaaS datasets by preventing deletion of fields that are referenced in the SaaS configuration.

Key Changes:

• Added get_saas_config_referenced_fields() function that recursively traverses SaaS config to find all dataset field references in param_values and postprocessors
• Modified merge_datasets() and _merge_fields() to accept a protected_fields parameter
• Fields referenced in SaaS config are now protected from customer deletion to prevent breaking traversal logic
• Customers can still delete fields that aren't referenced in the SaaS config
• Integration updates can always delete fields (controlled process)

Testing:

• Comprehensive parametrized tests cover various SaaS config reference patterns
• Tests validate protected field behavior across single and multiple collections
• Existing test expectations updated to reflect new deletion behavior

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The implementation is well-structured with comprehensive test coverage. The recursive traversal approach for finding field references is maintainable and automatically adapts to schema changes. The logic correctly distinguishes between customer deletions (conditionally allowed) and integration deletions (always allowed).
• No files require special attention

Important Files Changed

Filename	Overview
src/fides/service/connection/merge_configs_util.py	Adds field reference extraction logic to identify and protect SaaS config-referenced fields from deletion
src/fides/service/connection/connection_service.py	Extracts protected fields from SaaS config and passes them to merge_datasets to prevent deletion
tests/service/connection/test_merge_configs_util.py	Comprehensive test coverage for field reference extraction from various SaaS config locations

[greptile-apps]

_{3 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Grammatical error: "Customers field deletion are" should be "Customer field deletions are"

Suggested change

	description: Customers field deletion are now preserved when merging datasets.
	description: Customer field deletions are now preserved when merging datasets.

[galvana]

Solid! Nice tests