Configuring access control

  • Release version: Zurich
  • Updated November 27, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuring access control

    This guide outlines the steps to configure entity-based access control in Privacy Management, enabling organizations to restrict user access to processing activity records based on their position within the organizational hierarchy. The process ensures that only relevant records are accessible to privacy teams and users, promoting security and regulatory compliance.

    Show full answer Show less

    Key Features

    • Entity-based Access Plugin: Install and enable this plugin to activate features for configuring access restrictions by legal entity.
    • Organizational Structure Setup: Establish parent-child relationships among entities to create a clear hierarchy (Global → Regional → Country-level).
    • Record Mapping: Map existing processing activity records to the appropriate entities, ensuring accurate access restrictions.
    • Access Configuration: Grant access to individual users or groups based on the organizational structure, specifying if access applies to downstream entities.
    • Bulk Access Update: Transition from role-based to entity-based access for existing records, applying restrictions through a scheduled job.
    • Continuous Monitoring: Use entity-based record access rules to automatically enforce restrictions on new or modified records.

    Key Outcomes

    By configuring entity-based access control, organizations can effectively manage user access to sensitive records, ensuring compliance with privacy regulations and enhancing data security. Access settings are maintained automatically, reducing the need for manual updates and allowing for seamless adaptation to organizational changes.

    Configurie Entity-based access control in Privacy Management, including property activation, hierarchy setup, record mapping, user assignment, bulk updates, and activating entity-based record access rules.

    The following steps outline how to configure access control in Privacy Management using Entity-based access (EBA). This process enables organizations to restrict user access to processing activity records and related data according to their position in the organizational hierarchy. By following these steps, administrators can ensure that privacy teams and users only access records relevant to their assigned entities, supporting both security and regulatory compliance.

    1. Install Entity-based access plugin and enable the entity-based access control property. This activates entity-based access features and allows you to configure access restrictions by legal entity.

      For information, see Configure Entity-based access.

    2. Establish the organizational structure (parent-child relationships), where a global entity contains regional entities, and those in turn contain country-level entities.

      For information, see Add hierarchical relationships between entities.

    3. If processing activities already exist, map each record to the appropriate entity in the organizational hierarchy, ensuring it is correctly linked as a downstream entity under the relevant legal entity, jurisdiction, or other defined structure. This guarantees that access restrictions are enforced accurately, as each record is tied to the correct part of the organization.
    4. In the Entity Configuration module, do the following:
      • Provide access to teams and users based on your organizational structure. You can grant access to individual users, such as entity owners or privacy analysts, or to groups.
      • Specify whether access applies only to the selected entity or also to downstream entities. This step ensures that only the appropriate teams or users can access records for their part of the organization.

      For information, see Create an entity configurations.

    5. Run a bulk access update to switch from role-based access to entity-based access for all applicable records. Bulk Access Update enforces entity-based access restrictions across relevant records in Privacy Management.
      When performing a bulk update:
      • Select the entity configuration and associated entities.
      • Choose the tables where restrictions apply (for example, Processing Activity or Privacy Assessment).
      • Preview the affected records to validate changes.
      • Enable the update to apply restrictions.
      The system queues a scheduled job that processes the update and applies the new access rules to all selected records.

      For information on how to run batch updates, see Set access restrictions using an entity based record access update utility.

    6. Use entity-based record access rules to enable continuous monitoring. These rules automatically apply restrictions to new or modified records, ensuring access settings stay enforced without manual updates. When the structure of the entities change, the system updates access controls automatically.

      For information on how to configure entity-based record access rules, see Set Entity based record access rules.