Tip #774: Hierarchy Security and Personal Views

If you use hierarchy security, be aware that it makes users’ personal views visible to their managers (or to users in superior positions). This means that a manager may have many more personal views shown in his or her view list, and users should be advised not to create views with names like “Accounts my boss is micromanaging.”

(H/T to Jeff Braeunig for this tip)


One thought on “Tip #774: Hierarchy Security and Personal Views”

  1. AdamV says:

    Just to be clear, when you enable hierarchy security you can also choose which entities this works for.

    Stupidly (for a security-related feature), all entities are “on by default”; you have to select which to exclude. My fairly strong opinion is that you should exclude all entities except the few that you know you actually need to use hierarchical security for in order to meet your business requirements. Leaving this on for all entities is bound to have a performance impact every time you do a retrieve multiple (e.g. navigate to an entity, which displays a view).

    You can choose to include or exclude the “Saved Views” entity according to your requirements.

    Important: I’ve seen scenarios recently where including the Saved Views in hierarchy security caused seemingly completely unrelated effects elsewhere. One user at the CRMUG Summit had all sorts of problems that were (eventually) resolved by MS Support removing Saved Views from the list. We then turned off hierarchy security completely because it was still causing some users to have privilege issues elsewhere, and they did not need it turned on in the first place.

    So use HSM with caution, or at least, remove the Saved Views entity and save your managers getting frustrated with having loads of random views they don’t want. Bear in mind lots of those views will be using relative references such as “Owner equals current user”, which means the manager can’t even use this as a way to see the view as their direct report would see it – they get the same query, but different results.
