When implementing Microsoft Dynamics CRM for larger, enterprise customers, we're often asked to create more sophisticated security models. The most common request is to create a model in which managers in the same business unit can view their direct reports' data without seeing the data of other managers' teams within the same business unit. Previously, this required the development of a custom plug-in or a complex setup of several business units, which can be rather cumbersome to maintain. With the release of Microsoft Dynamics CRM 2015, the Hierarchy Security Model was introduced allowing companies to create a more sophisticated security model in an easy to maintain fashion.
To access the Hierarchy Security feature in Microsoft Dynamics CRM, navigate to Settings > Security:
Once you are on the Hierarchy Security screen, you can enable Hierarchy Security. Select the model you wish to use (Manager or Position based hierarchy), specify the depth of the hierarchy model and select specific entities to exclude from the model. In order to set up your Hierarchy Security Model, you must first turn on Hierarchy Security Modeling.
Manager based hierarchy works with the current user setup in MSCRM. To use this option, make sure that your end users have Managers associated. By setting users' Managers, a hierarchy will automatically be created between end users, similar to your company's org chart.
Using the Manager Hierarchy option will extend your current security model based on your current organizational structure. The default Hierarchy Depth is 3. This means that managers will be able to view data owned by 3 levels of users below them. It is important to note that performance is tied to the number of users in the manager's hierarchy rather than the number of levels. In other words, 1 manager with 1 report and 3 levels in the hierarchy will experience the same performance as 1 manager with 3 direct reports and 1 level in the hierarchy.
The other option available is Position based hierarchy. The Position based model allows you to create a security model that differs from your company's organization structure. It can also be leveraged to grant access to teams as well as grant access across business units. To start, create your positions making sure to specify the parent position for each new position created. Then add one or more users to each position. If your company requires that a team of managers have access to the same users' data, then Position based hierarchy is the model recommended.