User hierarchy
Summarize
Summary of User Hierarchy
The user hierarchy feature in ServiceNow allows managers to access records of users reporting to them, facilitating better oversight and management. This hierarchy is based on configurations in thesysusertable and is essential for Governance, Risk, and Compliance (GRC) management.
Show less
Key Features
- Managerial Visibility: Managers can view work performed by their direct reports, enhancing accountability and transparency.
- GRC Properties: Administrators can enable user hierarchy access control, define recalculation frequency for user hierarchies, and set maximum batch sizes for recalculation.
- Enable user hierarchy access control by selecting "Yes".
- Adjust recalculation frequency to Daily, Weekly, or Monthly as needed.
- Modify the maximum batch size for processing records during hierarchy recalculation.
- Support Tables: Specific tables like
sngrchierarchy,sngrcuserhierarchy, andsngrcuserhierarchyconfigurationare utilized to maintain and display user hierarchy information.
Key Outcomes
By enabling the user hierarchy functionality, organizations can improve decision-making and reporting processes. GRC administrators can create user hierarchy configuration records, ensuring managers have the visibility necessary to monitor team performance effectively. This feature supports better alignment of responsibilities and enhances overall organizational efficiency.
With a user hierarchy, your managers can see the records of those users who report to them.
The user hierarchy is based on the configuration in the sys_user table. The user hierarchy is stored separately for the GRC tables.
To understand how a user hierarchy works, let's look at the following example. Users Abel and Jack report to Adam. Adam reports to Daniel. With a user hierarchy, Adam can view the work performed by Abel and Jack. Similarly, Daniel can view the work performed by Adam, Abel, and Jack.
In this example, the sales manager can see the data that the sales team has submitted. The VP of sales can see the data or reports that are submitted by the sales managers and the sales team.
The VP of service can see the data that is submitted by the service managers and the support team. The CEO of the organization can see the work performed by both sales and service teams.
Enabling the properties for the user hierarchy functionality
| Property | Action |
|---|---|
| Enable user hierarchy access control |
Enable the user hierarchy functionality by selecting the Yes option on the Enable user hierarchy access control property. This property is turned off by default. After you enable this property, you can also turn it off again. |
| Frequency of user hierarchy recalculation |
Use the Frequency of user hierarchy recalculation property to calculate the user hierarchy for all the records in the sn_grc_user_hierarchy_configuration table. The property is set to Weekly by default. To calculate the user hierarchy for the records at different intervals, select sn_grc.user_hierarchy_sync_frequency and change the schedule from Weekly to Daily or Monthly. |
| Maximum batch size while recalculating hierarchy for user hierarchy records |
Use the Maximum batch size while recalculating hierarchy for user hierarchy records property to process the records in a maximum batch size so that you can recalculate the user hierarchy of the records. This property is set to 1000 by default. To recalculate the user hierarchy of the records, select the property and update the maximum batch size to an integer value. |
Tables that are used to support the user hierarchy functionality
| Table | Description |
|---|---|
| sn_grc_hierarchy | Table that maintains the hierarchy of the users. |
| sn_grc_user_hierarchy | Table that displays the name of the user, the managerial hierarchy, and the last synchronized details. As a user with the sn_grc.user_hierarchy_reader role, you can read the records in this table. No other user can manually create, update, or delete the records in this table. |
| sn_grc_user_hierarchy_configuration | Table that contains a separate record for each table where the user hierarchy access control is enabled. As a GRC administrator, you can manually create and delete the records in this table. As a user with the sn_grc.user_hierarchy_admin role, you can also read or update the records in this table. |
User hierarchy configurations module
The User hierarchy configuration module is displayed in your instance only after you enable the user hierarchy properties. The User hierarchy configuration module, which is shown in the following example, lists the tables on which you have enabled the user hierarchy functionality.
Access control lists (ACLs): By default, a few access control lists are shipped with the GRC application, and they are stored in the sys_security_acl table. You can define a filter condition to check if the user hierarchy access control is enabled. You can create your own access control lists depending on your configuration and requirements.