About Manager Hierarchy for Internal Security

Manager Hierarchy provides organizational access control for Employee users by leveraging internal reporting relationships. This system allows administrators to configure data access based on actual business hierarchy, enabling managers to access subordinate records and employees to collaborate with team members according to organizational structure.

Understanding Manager Hierarchy

Purpose and Scope

Manager Hierarchy is designed specifically for Employee Security Role types and provides:

• Organizational Access Control: Data access based on reporting relationships
• Hierarchical Permissions: Access to manager, peer, and subordinate records
• Team Collaboration: Shared access within organizational teams
• Scalable Security: Automatic access adjustment as organizational structure changes

Important Limitations

Entity Compatibility: Manager Hierarchy functionality can only be applied to Magentrix-native entities. It is not available for external CRM objects (such as Salesforce objects, Microsoft Dynamics objects, or HubSpot objects).

User Type Restriction: Manager Hierarchy is exclusively for Employee users. Partner and Customer users use Account-based security through their CRM associations instead.

Manager Hierarchy Permission Levels

The diagram above shows a typical company organizational structure with different colored lines representing the scope of access for each permission level when applied to the VP (selected role).

Permission Level Definitions

1. Private(Yellow line)

• Access Scope: User can only access personally created or owned records
• Use Case: Sensitive personal data, confidential work, individual performance records
• Example: Employee can only see their own expense reports or personal goals

2. User and Direct Subordinates(Green line)

• Access Scope: Personal records plus records of users one hierarchical level below
• Use Case: Direct manager oversight, immediate team management
• Example: Manager Adam can access his own records plus records of direct report Brian

3. User and All Subordinates(Red line)

• Access Scope: Personal records plus records of all users below in the hierarchy
• Use Case: Department head oversight, multi-level management
• Example: VP can access records of all managers and employees in their division

4. Team(Orange line)

• Access Scope: Personal records plus manager's records and peer records at the same level
• Use Case: Peer collaboration, cross-functional team work
• Example: Manager Brian can access VP Adam's records and records of peer managers

5. Team and Direct Subordinates(Blue line)

• Access Scope: Team access plus records of users one level below
• Use Case: Middle management with both peer collaboration and direct oversight
• Example: Manager can access peer records, manager's records, and direct reports

6. Team and All Subordinates(Purple line)

• Access Scope: Team access plus records of all users below in the hierarchy
• Use Case: Senior management with broad organizational access
• Example: Senior manager accesses peer records, executive records, and entire department

7. All(Outermost Purple line)

• Access Scope: All records in the organization regardless of hierarchy
• Use Case: HR, Legal, Executive leadership, system administration
• Example: CEO or HR director can access any employee record organization-wide

Integration with Security Role System

How Manager Hierarchy Works with Security Roles

Manager Hierarchy permissions are configured within Security Role entity permissions:

• Entity Permission Setting: Choose hierarchical options (Private, Team, User and Subordinates, etc.) for Read, Create, Edit, Delete permissions
• Field Security: Applies independently of Manager Hierarchy - sensitive fields remain restricted
• Role Assignment: Employee users must have Manager field populated for hierarchy to function

Configuration Requirements

For Manager Hierarchy to work properly:

• Manager Field Assignment: Employee users must have their Manager field populated in their user profile
• Security Role Configuration: Entity permissions must be set to use hierarchical options
• Organizational Structure: Clear reporting relationships must be established and maintained

Practical Implementation Examples

Scenario-Based Access Patterns

Executive Leadership Access

• Permission Level: All
• Business Rationale: Executives need organization-wide visibility for strategic decisions
• Security Considerations: Reserve for roles requiring broad organizational access

Department Management

• Permission Level: User and All Subordinates
• Business Rationale: Department heads need visibility into all department activities
• Collaboration Benefits: Enables cross-team coordination and resource management

Team Leadership

• Permission Level: Team and Direct Subordinates
• Business Rationale: Team leads need peer collaboration plus direct team oversight
• Workflow Support: Supports matrix organizations and cross-functional projects

Individual Contributors

• Permission Level: Team or Private
• Business Rationale: Access to collaborate with teammates while protecting personal work
• Privacy Balance: Maintains individual privacy while enabling team collaboration

Best Practices for Manager Hierarchy Implementation

Organizational Structure Planning

• Clear Reporting Lines: Establish unambiguous manager-employee relationships
• Regular Updates: Maintain current Manager field assignments as organization changes
• Hierarchy Validation: Regularly audit Manager assignments for accuracy
• Documentation: Maintain records of organizational structure decisions

Security Role Design Strategy

• Permission Mapping: Align hierarchy permissions with actual business needs
• Level Appropriateness: Use minimum necessary access level for each role
• Entity-Specific Permissions: Consider different hierarchy levels for different entity types
• Field Security Integration: Use Field Security to protect sensitive data regardless of hierarchy access

Implementation and Testing

• Staged Rollout: Implement Manager Hierarchy gradually across departments
• Access Testing: Validate that hierarchical permissions work as expected
• User Training: Educate employees about what data they can access and why
• Performance Monitoring: Ensure hierarchy calculations don't impact system performance

Maintenance and Ongoing Management

Organizational Change Management

• Personnel Changes: Update Manager assignments when employees change roles
• Restructuring: Adjust hierarchy permissions when organizational structure changes
• Validation Processes: Regularly verify that Manager assignments reflect current organization
• Audit Procedures: Periodically review hierarchical access for appropriateness

Security and Compliance

• Access Reviews: Regularly audit who has access to what data through hierarchy permissions
• Sensitive Data Protection: Ensure Field Security protects confidential information
• Compliance Requirements: Verify hierarchy access meets regulatory requirements
• Change Documentation: Maintain records of hierarchy permission changes and rationale

Common Issues and Solutions

• Circular References: Avoid manager assignment loops that could cause system issues
• Orphaned Users: Ensure all employees have appropriate manager assignments
• Permission Conflicts: Resolve conflicts between hierarchy permissions and other security settings
• Performance Impact: Monitor and optimize hierarchy calculations for large organizations

Manager Hierarchy provides powerful organizational access control that scales with your business structure while maintaining appropriate security boundaries for Employee users within your Magentrix platform.

<< Understanding Security for External Users | Creating and Configuring Managers >>