User hierarchy
Summarize
Summary of User Hierarchy Governance, Risk, and Compliance
The user hierarchy enables managers to view the records of users reporting to them, enhancing visibility and oversight within the Governance, Risk, and Compliance (GRC) framework. This hierarchy is derived from the sysuser table and is specifically maintained for GRC tables, allowing for structured oversight across different management levels.
Show less
Key Features
- User Hierarchy Access Control: GRC administrators can enable this feature by selecting "Yes" in the relevant property settings. It is off by default but can be toggled as needed.
- Hierarchy Recalculation Frequency: Default recalculation is set to weekly, but administrators can adjust this to daily or monthly based on organizational needs.
- Batch Size Management: Administrators can modify the maximum batch size for recalculating user hierarchy records, with a default setting of 1000.
- Supporting Tables: Key tables such as sngrchierarchy, sngrcuserhierarchy, and sngrcuserhierarchyconfiguration support the user hierarchy functionality.
Key Outcomes
By enabling the user hierarchy, organizations can ensure that managers have the necessary visibility over their teams’ work, thereby improving accountability and decision-making processes. It allows for streamlined oversight through the automated recalculation of user hierarchies, facilitating better management and compliance within the GRC framework.
With a user hierarchy, your managers can see the records of those users who report to them.
The user hierarchy is based on the configuration in the sys_user table. The user hierarchy is stored separately for the GRC tables.
To understand how a user hierarchy works, let's look at the following example. Users Abel and Jack report to Adam. Adam reports to Daniel. With a user hierarchy, Adam can view the work performed by Abel and Jack. Similarly, Daniel can view the work performed by Adam, Abel, and Jack.
In this example, the sales manager can see the data that the sales team has submitted. The VP of sales can see the data or reports that are submitted by the sales managers and the sales team.
The VP of service can see the data that is submitted by the service managers and the support team. The CEO of the organization can see the work performed by both sales and service teams.
Enabling the properties for the user hierarchy functionality
| Property | Action |
|---|---|
| Enable user hierarchy access control | Enable the user hierarchy functionality by selecting the Yes option on the Enable user hierarchy access control property. This property is turned off by default. After you enable this property, you can also turn it off again. |
| Frequency of user hierarchy recalculation | Use the Frequency of user hierarchy recalculation property to calculate the user hierarchy for all the records in the sn_grc_user_hierarchy_configuration table. The property is set to Weekly by default. To calculate the user hierarchy for the records at different intervals, select sn_grc.user_hierarchy_sync_frequency and change the schedule from Weekly to Daily or Monthly. |
| Maximum batch size while recalculating hierarchy for user hierarchy records | Use the Maximum batch size while recalculating hierarchy for user hierarchy records property to process the records in a maximum batch size so that you can recalculate the user hierarchy of the records. This property is set to 1000 by default. To recalculate the user hierarchy of the records, select the property and update the maximum batch size to an integer value. |
Tables that are used to support the user hierarchy functionality
| Table | Description |
|---|---|
| sn_grc_hierarchy | Table that maintains the hierarchy of the users. |
| sn_grc_user_hierarchy | Table that displays the name of the user, the managerial hierarchy, and the last synchronized details. As a user with the sn_grc.user_hierarchy_reader role, you can read the records in this table. No other user can manually create, update, or delete the records in this table. |
| sn_grc_user_hierarchy_configuration | Table that contains a separate record for each table where the user hierarchy access control is enabled. As a GRC administrator, you can manually create and delete the records in this table. As a user with the sn_grc.user_hierarchy_admin role, you can also read or update the records in this table. |
User hierarchy configurations module
The User hierarchy configuration module is displayed in your instance only after you enable the user hierarchy properties. The User hierarchy configuration module, which is shown in the following example, lists the tables on which you have enabled the user hierarchy functionality.
Access control lists (ACLs): By default, a few access control lists are shipped with the GRC application, and they are stored in the sys_security_acl table. You can define a filter condition to check if the user hierarchy access control is enabled. You can create your own access control lists depending on your configuration and requirements.