Ever have that scenario in your organisation where you need a manager to be able to see the data that their reports have ownership of? For example, an industry lead for Sales should be able to see the accounts that their reporting account executives own… 🤔
In Microsoft’s Low Code data platform, Dataverse, this concept exists out the box with very little configuration to do, and so in this post, I’ll show you how to configure hierarchy security for Dataverse organisations with a few simple clicks! 🖱️ 🐭
So we have two options when it comes to hierarchy models for Dataverse hierarchy security here. We can either use the manager hierarchy model, or the position hierarchy modal. Both of these models and in general, hierarchy security is based on the ownership or direct sharing of data via users or teams. If a user has organisation level permissions to see accounts, it does not mean their manager will also have that permission, but rather the manager of that user will have access to any accounts the user owners and any shared directly with them via users or teams.
Manager hierarchy model
So, in the manager hierarchy model, effectively as a manager I will be able to access any data my direct reports have access to through being an owner of those records, from being part of a team that owns those records, or by having those records directly shared with the user (report).
Position hierarchy model
By using the position hierarchy model, we’re able to tag different users in Dataverse / Dynamics 365 with the position they have in the organisation. Then we define the position hierarchy in the organisation. With those things configured the access to data is controlled by the level in the organisation chart people are sat at. So rather than a sales manager only have access to their sales executives data. All sales managers will have access to every sales persons data because all sales people sit on the level below sales managers.
When it comes to users who have managers that sit in separate business units for example there is more to take into account here. For those cases if you want managers to be able to access data that direct reports from different business units own, you’ll need to enable the record ownership across business units tools.
When configuring hierarchy security in Dataverse there is the concept of depth control which we can configure too. Depth effectively lets you control how many levels down a manager has access to i.e. whether they can only access their direct reports, or whether they can access a further level of reports to that and so on. This is set by a numeric value.
Configuring hierarchy security
So first we’ll need to navigate to the Power Platform admin center. To do this go to admin.powerplatform.microsoft.com/environments
From here, select the environment you want to configure hierarchy security for then select settings in the ribbon.
Next under users and permissions, select ‘Hierarchy security’.
Cool! Now we’re at the page where we can start to configure hierarchy security for this organisation / environment.
From here we can either choose the manager or position hierarchy options and we can then open up the user table for manager hierarchy which will utilise the structure we have configured in Microsoft Entra ID, or we can configure users positions in Dataverse and utilise the position hierarchy model.
Then we can set the depth and finally we can exclude any tables from the model which shouldn’t adopt the set of rules configured for hierarchy security.
And that’s it! Save your changes and thats you configured with a hierarchy security model. All that without a single line of code or even a formula! Just a few clicks 😉 🖱️ 🐭
Did you like this content? 💖
Did you like this content? Check out some of the other posts on my blog, and if you like those too, be sure to subscribe to get my posts directly in your inbox for free!