Manager Hierarchy vs Position Hierarchy

 Manager Hierarchy vs Position Hierarchy

Reference: 1  2  3

There are 2 types of hierarchical security in Dynamics 365 security:

• Manager hierarchy. In this case, the manager must be in the same business unit or parent business unit of a report to see the report’s data. You may want to use this if you restrict data access between business units.
• Positional hierarchy. This allows you to access data across different business units.

Manager Hierarchy

The manager hierarchy model follows the same reporting structure of your organization. This type of hierarchy allows managers to access any data that their reports can access. Managers are given the combined privileges of their subordinates. For the non-direct reporting structure, the manager will get read-only access.

It is important to note that if a direct report has deeper security access to an table than their manager, the manager may not able to see all the records that the direct report has access to. 

Setting It Up

Only administrator-level users can enable the hierarchy security model. To enable this type of security model:

• Go to Settings > Security > Hierarchy Security
• Then Select Hierarchy Security and enable Hierarchy Modeling.
• Then choose Manager Hierarchy. You can set the depth up to which a manager can have read-only access to the data under their reporting structure.

Position Hierarchy

The position hierarchy does not follow the reporting structure but instead follows the access levels as defined by the administrator. The admin will define the various positions within the organization and arrange them in a positioned hierarchical structure. New users can be added to a particular position by specifying a ‘tag’ that defines that position within the hierarchy. While a position can be assigned to multiple users, a single user can only have one position in a hierarchy.

The direct higher positions have more privileges to read, write and update, whereas lower positioned users will have limited privileges. Based on the ancestor path, the privileges assigned will vary for any position.

With the Position hierarchy security, a user at a higher position has access to the records owned by a lower position user or by the team that a user is a member of, and to the records that are directly shared to the user or the team that a user is a member of.

In addition to the Position hierarchy security model, the users at a higher level must have at least the user level Read privilege on an table to see the records that the users at the lower positions have access to. 

Setting It Up

• To set up a position hierarchy, choose Custom Position Hierarchy as the hierarchy model when you enable the hierarchy security. Set the depth value and start tagging your users with the position levels.
• To add a position to a user, you can select positions from the lookup field called Position on the user record form.
• To create new positions, Go to Settings > Security> Positions and Create +New.

C