User hierarchy of permissions
Permissions through relationships are only granted to the users with a direct relationship to the record. However, in many business cases, users are in hierarchical relationships, such as manager-subordinate. In these situations it is unusual to give access to lower levels of the hierarchy without providing access to users higher up in the reporting structure.
To solve this issue, Platform provides a "hierarchy of users" relationship: Direct Reports (one-to-many) and Reports To (many-to-one). For example, the Reporting Structure shows the list of Direct Reports who report to the user Mike Sancilardi, and the Reports To field shows the list of people to whom Mike Sancilardi reports.
Platform calculates a sub-tree of users who report (directly or indirectly) to the current user. All relationship-based permissions given to that sub-tree are also delegated to the current user.
Consider the following user hierarchy:
- Joe Recruiter
- Mike Sancilardi (reports to Joe)
- Taras Bulba (reports to Mike)
None of the users' groups have permission to access Order records, but the Owner relationship has full access.
There are three orders in the system with different owners. An administrator sees all three orders.
Joe Recruiter sees two orders, even though he does not own them directly. Access to these orders is granted through ownership by users who report to him, directly or indirectly, in the hierarchy.
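The delegation rule described above, as an added Python example (not Platform's own code or API): it inverts Reports To into Direct Reports, walks the sub-tree under a user, and applies the Owner relationship to that sub-tree. The order names, their owners, the user "Pat Outsider", the function names and the `is_admin` flag are assumptions made for illustration; the page does not say who owns which order.

```python
from collections import defaultdict

# Reports To edges from the page's hierarchy: subordinate -> managers.
REPORTS_TO = {
    "Mike Sancilardi": ["Joe Recruiter"],
    "Taras Bulba": ["Mike Sancilardi"],
}

# Constructed sample data: order -> owner (owners are assumed, not from the page).
ORDERS = {
    "Order-1": "Mike Sancilardi",
    "Order-2": "Taras Bulba",
    "Order-3": "Pat Outsider",  # hypothetical user outside Joe's sub-tree
}


def direct_reports(reports_to):
    """Invert Reports To (many-to-one) into Direct Reports (one-to-many)."""
    inverted = defaultdict(set)
    for subordinate, managers in reports_to.items():
        for manager in managers:
            inverted[manager].add(subordinate)
    return inverted


def subtree(user, reports_to):
    """Users who report to `user` directly or indirectly (user excluded)."""
    children = direct_reports(reports_to)
    seen, stack = set(), [user]
    while stack:
        for sub in children.get(stack.pop(), ()):
            # `seen` stops a malformed cyclic hierarchy from looping forever;
            # the `sub != user` test keeps a cycle from adding the user itself.
            if sub != user and sub not in seen:
                seen.add(sub)
                stack.append(sub)
    return seen


def visible_orders(user, orders, reports_to, is_admin=False):
    """Orders reachable through the Owner relationship, own or delegated."""
    if is_admin:  # assumed stand-in for the administrator's own permissions
        return sorted(orders)
    holders = subtree(user, reports_to) | {user}
    return sorted(o for o, owner in orders.items() if owner in holders)
```

Delegation flows only upward: Taras Bulba gets nothing from Mike's ownership, while Joe inherits from both users beneath him.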