In our previous blog, we discussed Hierarchy Visualization, and now we will focus on Hierarchy Security in CRM 2015. This feature is an extension of the existing Microsoft Dynamics CRM security model, providing more granular access to records and reducing maintenance costs. 

Key Benefits of Hierarchy Security: 

• Extends Dynamics CRM Security Model for more control. 
• Enables granular record access based on user roles and relationships. 
• Reduces maintenance costs by minimizing the need for multiple business units. 

The Hierarchy Security Model complements existing security mechanisms such as business units, security roles, sharing, and teams. It allows organizations to implement granular access control without the overhead of managing numerous business units. 

Types of Hierarchy Security in CRM 2015 

Hierarchy Security is categorized into two models: 

1. Manager Hierarchy 
2. Position Hierarchy  

Manager Hierarchy

This model is based on a direct reporting structure and is controlled through the Manager Field in the system user record. 

Key Features: 

• Access is based on a direct reporting model. 
• Managers can access and perform actions on the data of their subordinates. 
• A manager must have at least user-level Read privileges on an entity to view their subordinate’s data. 
• Access is restricted to the same Business Unit (BU). 

Example: 

If Adam is the manager of Ben, Brendan, and Chris, he can access their data based on the security model. 

1) Position Hierarchy

Unlike the Manager Hierarchy, this model is not based on direct reporting relationships but rather on job positions within the organization. 

Key Features: 

• Users at higher positions can access the records of users at lower positions. 
• Higher positions must have Read, Write, Update, Append, and AppendTo privileges to access lower-level data. 
• Not restricted to a single Business Unit. 
• Users at higher levels must have at least user-level Read privileges to access lower-level records. 

Example: 

A CEO can access data from VP of Sales and VP of Service because they hold lower positions in the hierarchy. 

Setting Up Hierarchy Security 

How to Enable Hierarchy Security 

By default, Hierarchy Security is disabled. To enable it: 

1. Navigate to Microsoft Dynamics CRM > Settings > Security > Hierarchy Security. 
2. Click Enable Hierarchy Modeling. 
3. Choose between Manager Hierarchy or Custom Position Hierarchy. 
4. Adjust the Depth setting to control the number of levels managers/positions can access. 

Important Notes: 

• Only users with Change Hierarchy Security Settings privileges can modify hierarchy security. 
• Setting Depth = 1 allows a manager to access only their direct reports. 
• Setting Depth = 2 allows a manager to access both direct and indirect reports. 

Configuring Manager and Position Hierarchies 

Manager Hierarchy Setup: 

• The Manager (ParentsystemuserID) field defines reporting relationships. 
• Managers can access subordinate records within the hierarchy. 
• Position Hierarchy Setup: 
• Navigate to Microsoft Dynamics CRM > Settings > Security > Positions.
• Define positions and parent-child relationships.
• Assign users to positions using the Users in this Position field.

Performance Considerations 

• Limit hierarchy security to 50 users or less under a single manager/position. 
• Use the Depth setting to control the number of users affected. 
• Combine hierarchy security with other security models for optimized performance. 
• By implementing Hierarchy Security, organizations can efficiently manage access permissions, reduce administrative overhead, and enhance data security. 

We hope this blog helped you understand Hierarchy Security in CRM 2015. Stay tuned for more insights!