Hierarchy Security

Hierarchy Security in Dynamics 365 Customer Engagement (CE) is an advanced access model that allows managers and executives to gain visibility into records owned by users lower in the organizational hierarchy - without relying on manual record sharing or overly broad Security Roles.

It provides a dynamic, scalable way to support real-world management scenarios where leaders need oversight of their teams’ data.

Why Hierarchy Security?

While Business Units and Security Roles provide strong boundaries for data access, they do not natively support common management requirements, such as:

• A Sales Manager needing to view Opportunities owned by their Sales Reps.

• A Customer Service Supervisor wanting to monitor open Cases owned by their team.

• A VP of Sales reviewing pipeline data across the entire reporting chain.

Without Hierarchy Security, organizations often resort to:

• Granting Organization-wide access (too broad, high risk).

• Manual record sharing (difficult to maintain and audit).

• Complex Team structures (hard to scale).

Hierarchy Security solves these problems by providing automatic visibility based on the organizational structure.

Types of Hierarchy Security

Dynamics 365 CE supports two models of Hierarchy Security:

Manager Hierarchy

• Based on the Manager field in the User profile (synchronized from Azure AD or set manually in Dynamics 365).

• Simple to implement and maintain.

• Best suited for small to medium organizations with flat or moderately deep structures.

Position Hierarchy

• Based on a customizable Position hierarchy that you define in Dynamics 365.

• More flexible and scalable - supports complex or matrixed organizations.

• Positions are linked to users and arranged in a hierarchy tree (Position → Parent Position).

Key difference:

Manager Hierarchy depends on user-to-user relationships; Position Hierarchy is more abstract and can represent functional or dotted-line reporting structures.

How Hierarchy Security Works

When enabled:

• Managers (or users in higher Positions) automatically gain access to records owned by users lower in the hierarchy.

• Access is granted based on the user’s existing Security Role privileges:

  If a Manager’s role allows Read on Opportunities, they can read subordinates’ Opportunities.

  If they lack Delete privilege, they cannot delete subordinates’ records - Hierarchy Security does not override Security Roles.

• Access can be limited by Hierarchy Depth:

  You can configure how many levels down the hierarchy visibility is granted (e.g. 1 level, 2 levels, unlimited).

• Supported entities:

  Hierarchy Security applies to all entities where Security Roles are enforced.

Typical Use Cases

Sales Management:

Regional Sales Managers can review their team’s Opportunities, Accounts, and Activities - without requiring Organization-wide access.

Customer Service Oversight:

Supervisors can monitor Cases being handled by their agents, escalating or reassigning where needed.

Executive Reporting:

Leadership can access team data in dashboards and reports without manual sharing or excessive privileges.

Cross-functional Leadership:

In matrixed organizations, Position Hierarchy allows functional leaders to view relevant data across multiple BUs.

Key Considerations

• Hierarchy Security is additive:

  It grants visibility in addition to the user’s Security Roles.

  It does not override or reduce existing security restrictions.

• Depth configuration is critical:

  Deeper hierarchies can introduce performance overhead.

  Limit depth to the business need (e.g. 1–2 levels is usually sufficient).

• Manager Hierarchy is easy to set up but less flexible:

  Changes in Azure AD can affect Dynamics 365 hierarchy unexpectedly.

  Use Position Hierarchy for more controlled scenarios.

• Works well in combination with:

  Field-Level Security.

  Record Sharing (where needed for collaboration).

  Teams (for structured access and ownership).

Common Pitfalls

• Granting overly deep hierarchy access - exposing too much data.

• Relying on Manager Hierarchy when Positions would be a better fit.

• Not keeping Manager or Position data clean - resulting in broken hierarchy chains.

• Assuming Hierarchy Security grants full access - it always respects Security Role privileges.

Best Practices

Use Position Hierarchy for enterprise-scale or complex organizational structures.

Use Manager Hierarchy for simple reporting structures or rapid deployment.

Keep hierarchy data clean - automate updates from HR systems where possible.

Regularly audit Hierarchy Security to ensure it reflects current business needs.

Configure Hierarchy Depth conservatively - start shallow and expand only as needed.

Combine Hierarchy Security with proper Security Role design - don’t use it to "patch" poor role models.

Summary

Hierarchy Security in Dynamics 365 CE is a powerful tool to enable managerial visibility and oversight without undermining the core security model.

By leveraging Manager or Position hierarchies, organizations can reduce the need for manual record sharing, maintain clean Security Role designs, and support dynamic access aligned with real-world business structures.

When thoughtfully implemented, Hierarchy Security greatly enhances both user experience and governance - helping Dynamics 365 scale with the organization’s growth and complexity.