Entity Based Access

manikandank3877 · ‎07-13-2025

Hello experts,

I’m setting up Entity-Based Access in GRC and running into a weird issue.

I’ve done the following so far:

Installed the Entity-Based Access plugin
Enabled the property: sn_grc_ent_access.enable_entity_based_access
Created an Entity Access Configuration for the Entity Owner

But even with all that, everyone can still see all the entities, not just the owners. 😕

Is there something else I need to do?

SrinivasMeV · ‎07-13-2025

Hi @manikandank3877

The Entity-Based Access feature does not restrict visibility of the entities themselves. Instead, it is designed to control access to records that are related to those entities—such as risks, issues, controls, and similar items.

This means that even after enabling the configuration, all users will still be able to see all entities.

Example:
If you configure access for the entity "Finance Department" and assign access only to the entity owner, then activate the configuration and apply record-level restrictions (e.g., via bulk update), only the owner of the Finance Department entity will be able to view the related records—such as risks, controls, risk response tasks, and issues.

However, the entity "Finance Department" itself will remain visible to all users. This is because the access restrictions apply only to the related records, not to the entities themselves.