Controlling Access Using the Role Hierarchy Control
In the role hierarchy, users have access to records owned by or shared with users in roles below them. Roles within the hierarchy affect access to components, such as records and reports.
Control Name
Controlling Access using the role hierarchy, groups, and sharing rules
Recommended Configuration
Grant Access Using Hierarchies - Selected on the Sharing Settings page:
Setup > Sharing Settings > Organization-Wide Sharing Defaults > Edit > for the selected object, enable "Grant Access Using Hierarchies".
Control Overview
In the role hierarchy, users have access to records owned by or shared with users in roles below them. Roles within the hierarchy affect access to components, such as records and reports.
Security Risk If Not Configured
Not enabling the "Grant Access Using Hierarchies" setting for custom objects prevents managers and superiors from automatically inheriting access to records owned by their subordinates, leading to significant data silos and fragmented visibility.
This lack of automated access forces administrators to rely on complex, manual sharing rules to maintain oversight, which increases the risk of configuration errors and of over-provisioning "View All" or "Modify All" permissions as a risky workaround to restore the needed visibility.
Threat Scenarios
A manager attempts to generate an urgent compliance report but is blocked because hierarchical access is disabled for a custom object, prompting an administrator to grant "View All" permissions as a quick workaround.
This excessive privilege allows the manager—or a threat actor who compromises their account—to bypass all row-level security and access sensitive records across the entire company that they were never intended to see.
Estimated CVSS Score Range
Critical (9.0–10.0).
Risk Impact Considerations
Risk increases with the complexity of the company structure and with the number of users, roles, and profiles in the org.
Higher Risk When
The risk of disabling hierarchical access is further compounded by a lack of granular permission set governance, which often drives administrators to grant broad "View All" or "Modify All" permissions to managers as a quick but insecure visibility workaround.
Furthermore, without an automated sharing strategy (such as dynamic sharing rules or Apex sharing) and without periodic access reviews, manual "one-off" sharing assignments become unmanageable, eventually leading to significant over-permissioning and data overexposure.
Low or No Risk When
To minimize the risk of data silos when hierarchical access is disabled, companies can implement Criteria-Based Sharing Rules or Manual Sharing to explicitly grant record visibility to specific managers or public groups based on business needs.
Additionally, using Apex Managed Sharing for complex scenarios, or using Public Groups and Teams, ensures that oversight is maintained through granular, documented exceptions rather than through broad and risky "View All" administrative permissions.
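One way to implement the Apex Managed Sharing exception described above, as an added example that is not part of the original page or of Salesforce's own documentation: it grants each record owner's direct manager read access to a custom object's records, so oversight is restored without "View All". The custom object Compliance_Record__c, its share object Compliance_Record__Share, and the Apex Sharing Reason Manager_Oversight__c are assumptions for illustration; User.ManagerId is a standard field.

```apex
// Added example, not from the page. Assumes a custom object Compliance_Record__c
// and an Apex Sharing Reason with API name Manager_Oversight__c defined on it.
// Intended to be called from an after-insert trigger on Compliance_Record__c or
// from a batch job that backfills existing records.
public with sharing class ManagerOversightSharing {

    // Grants each record owner's direct manager Read access via Apex managed sharing.
    // Returns the number of share rows successfully inserted.
    public static Integer grantManagerOversight(List<Compliance_Record__c> records) {
        // Collect User owners only; queue-owned records (Group IDs) have no manager.
        Set<Id> ownerIds = new Set<Id>();
        for (Compliance_Record__c rec : records) {
            if (rec.OwnerId != null && rec.OwnerId.getSObjectType() == User.SObjectType) {
                ownerIds.add(rec.OwnerId);
            }
        }
        if (ownerIds.isEmpty()) {
            return 0;
        }

        // Resolve each owner's manager from the standard User.ManagerId field.
        Map<Id, User> ownersById = new Map<Id, User>(
            [SELECT Id, ManagerId FROM User WHERE Id IN :ownerIds AND IsActive = true]
        );

        List<Compliance_Record__Share> shares = new List<Compliance_Record__Share>();
        for (Compliance_Record__c rec : records) {
            User owner = ownersById.get(rec.OwnerId);
            if (owner == null || owner.ManagerId == null) {
                continue; // inactive owner or no manager on file: nothing to share
            }
            Compliance_Record__Share share = new Compliance_Record__Share();
            share.ParentId = rec.Id;
            share.UserOrGroupId = owner.ManagerId;
            share.AccessLevel = 'Read'; // least privilege: oversight needs Read, not Edit
            // A custom sharing reason keeps these rows distinguishable from manual
            // sharing, so they can be reported on and revoked as a group during reviews.
            share.RowCause = Schema.Compliance_Record__Share.RowCause.Manager_Oversight__c;
            shares.add(share);
        }

        // allOrNone = false: one failed row (for example a duplicate) does not block the rest.
        Integer inserted = 0;
        for (Database.SaveResult sr : Database.insert(shares, false)) {
            if (sr.isSuccess()) {
                inserted++;
            } else {
                for (Database.Error err : sr.getErrors()) {
                    System.debug(LoggingLevel.ERROR, 'Share insert failed: ' + err.getMessage());
                }
            }
        }
        return inserted;
    }
}
```

Two properties of Apex managed sharing matter for the design: rows with a custom sharing reason survive record owner changes (manual sharing rows are dropped on owner change), and adding or changing them requires "Modify All Data", so the method is meant to run from a trigger or scheduled batch rather than from an end user's own context. Because the rows carry their own RowCause, a periodic review can query Compliance_Record__Share by that reason to confirm every grant still maps to a current manager relationship.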
Business and Integration Considerations
User access and permissions are based on roles.
Recommended Remediation
Implement periodic access reviews and enable "Grant Access Using Hierarchies".
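One way to support the periodic access review recommended above in code, as an added example that is not part of the original page: it lists every profile or permission set holding "View All" or "Modify All" on a given object, together with the number of active users assigned to it, which is exactly the broad-permission workaround the page warns about. It goes slightly beyond the page's custom-object case by accepting any object API name. Only the standard ObjectPermissions, PermissionSet and PermissionSetAssignment objects are used; the class name, the Finding type and the sample object name Compliance_Record__c are assumptions.

```apex
// Added example, not from the page. Access review helper for "View All" / "Modify All"
// grants on one object. Run findBroadAccess('Compliance_Record__c') (assumed custom
// object) or printReport(...) from Execute Anonymous during a periodic review.
public with sharing class BroadObjectAccessReview {

    public class Finding {
        public String granteeLabel;   // profile name or permission set label
        public String granteeType;    // 'Profile' or 'PermissionSet'
        public Boolean viewAll;
        public Boolean modifyAll;
        public Integer activeUsers;   // active users currently holding the grant
    }

    public static List<Finding> findBroadAccess(String objectApiName) {
        // ObjectPermissions rows are parented by a PermissionSet; profiles are
        // represented as permission sets with IsOwnedByProfile = true.
        List<ObjectPermissions> grants = [
            SELECT ParentId, Parent.Label, Parent.IsOwnedByProfile, Parent.Profile.Name,
                   PermissionsViewAllRecords, PermissionsModifyAllRecords
            FROM ObjectPermissions
            WHERE SobjectType = :objectApiName
              AND (PermissionsViewAllRecords = true OR PermissionsModifyAllRecords = true)
        ];

        // Count active assignees per parent so reviewers can see the blast radius.
        Set<Id> parentIds = new Set<Id>();
        for (ObjectPermissions op : grants) {
            parentIds.add(op.ParentId);
        }
        Map<Id, Integer> activeUsersByParent = new Map<Id, Integer>();
        for (AggregateResult ar : [
            SELECT PermissionSetId psId, COUNT(Id) n
            FROM PermissionSetAssignment
            WHERE PermissionSetId IN :parentIds AND Assignee.IsActive = true
            GROUP BY PermissionSetId
        ]) {
            activeUsersByParent.put((Id) ar.get('psId'), (Integer) ar.get('n'));
        }

        List<Finding> findings = new List<Finding>();
        for (ObjectPermissions op : grants) {
            Finding f = new Finding();
            f.granteeType = op.Parent.IsOwnedByProfile ? 'Profile' : 'PermissionSet';
            f.granteeLabel = op.Parent.IsOwnedByProfile ? op.Parent.Profile.Name : op.Parent.Label;
            f.viewAll = op.PermissionsViewAllRecords;
            f.modifyAll = op.PermissionsModifyAllRecords;
            Integer n = activeUsersByParent.get(op.ParentId);
            f.activeUsers = (n == null) ? 0 : n;
            findings.add(f);
        }
        return findings;
    }

    // Convenience for Execute Anonymous: one debug-log line per finding.
    public static void printReport(String objectApiName) {
        for (Finding f : findBroadAccess(objectApiName)) {
            System.debug(LoggingLevel.INFO, f.granteeType + ' "' + f.granteeLabel + '"'
                + ' viewAll=' + f.viewAll + ' modifyAll=' + f.modifyAll
                + ' activeUsers=' + f.activeUsers);
        }
    }
}
```

During a review, any finding whose grantee is not an administrative profile is a candidate for replacement by hierarchy access or a scoped sharing rule; a finding with a high activeUsers count on a sensitive custom object is the row-level-security bypass described in the threat scenario and should be remediated first.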
Security Health Review Guidance
N/A - Currently not inspected by the Security Health Review tool.