Hierarchy security is the feature most enterprises know exists and few use correctly. It promises managers automatic visibility into their team’s records without team membership gymnastics. The reality is more constrained.

Two flavors, very different behavior

There is Manager hierarchy (uses the Manager field on the user record) and Custom Position hierarchy (uses positions you define). Manager hierarchy is conceptually simpler but couples your CRM permissions to whatever HR feeds into Microsoft Entra. Position hierarchy decouples them. Pick position unless your org chart is genuinely stable.

The depth limit no one mentions

Hierarchy security applies to a maximum of 100 levels and, more importantly, only the immediate superior gets Read + Write + Append + Append To. Everyone above gets Read only. If your VP needs to reassign opportunities owned three levels down, hierarchy security will not let them.

Performance cost is real

Every hierarchy security check joins against the Position table at query time. On a view returning 5,000 opportunities for a senior manager, expect 200-400ms of additional latency. Disable hierarchy security on high-volume tables (activitypointer, email, phonecall) where the manager almost never needs cross-team visibility.

Settings -> Security -> Hierarchy Security -> Entities
-> Uncheck activitypointer, email, phonecall

The shared records loophole

Hierarchy security does not propagate to shared records. If a peer shares an account with another peer, the manager of the second peer cannot see the share grant. Auditors flag this as undocumented data flow. Document it explicitly in your data classification.

Combining with BUs

Hierarchy security operates within a single business unit by default. Cross-BU visibility still requires team ownership or Parent: Child Business Units privileges. Most “hierarchy is broken” tickets are actually BU boundary tickets in disguise.
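
The depth rule and the BU boundary described above can be checked against an exported position tree and a list of oversight requirements before rollout. This Python example is added here, is not from the original article or any Microsoft tooling, and models only the rules as this article states them; the function names and the sample org data are constructed.

```python
# Added illustration: models the access rules as this article states them.
# All names and the sample org data are constructed for the example.
DIRECT = frozenset({"Read", "Write", "Append", "AppendTo"})
INDIRECT = frozenset({"Read"})
MAX_DEPTH = 100  # depth limit quoted in the article


def levels_above(parent_of, manager, owner, max_depth=MAX_DEPTH):
    """Return how many levels `manager` sits above `owner`, or None."""
    seen, node, depth = {owner}, parent_of.get(owner), 1
    while node is not None and depth <= max_depth:
        if node == manager:
            return depth
        if node in seen:  # malformed export: cycle in reporting lines
            return None
        seen.add(node)
        node, depth = parent_of.get(node), depth + 1
    return None


def hierarchy_access(parent_of, bu_of, manager, owner):
    """Privileges `manager` gets on records owned by `owner` via hierarchy only."""
    if bu_of.get(manager) != bu_of.get(owner):
        return frozenset()  # hierarchy stays inside one business unit by default
    depth = levels_above(parent_of, manager, owner)
    if depth is None:
        return frozenset()
    return DIRECT if depth == 1 else INDIRECT


def unmet_requirements(parent_of, bu_of, requirements):
    """List (manager, owner, missing privileges) that hierarchy cannot satisfy."""
    gaps = []
    for manager, owner, needed in requirements:
        missing = set(needed) - hierarchy_access(parent_of, bu_of, manager, owner)
        if missing:
            gaps.append((manager, owner, sorted(missing)))
    return gaps


# Constructed sample: rep -> lead -> director -> vp, plus a rep in another BU.
PARENT_OF = {"rep": "lead", "lead": "director", "director": "vp", "rep_emea": "lead"}
BU_OF = {"rep": "Sales-US", "lead": "Sales-US", "director": "Sales-US",
         "vp": "Sales-US", "rep_emea": "Sales-EMEA"}
REQUIREMENTS = [("lead", "rep", {"Read", "Write"}),
                ("vp", "rep", {"Read", "Write"}),       # three levels down
                ("lead", "rep_emea", {"Read"})]         # crosses a BU boundary
```

Each entry returned by `unmet_requirements(PARENT_OF, BU_OF, REQUIREMENTS)` is a requirement that needs team ownership, sharing, or a role change instead of hierarchy security.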

When to use it

  • Sales orgs with stable position hierarchies and a real “manager sees subordinate’s deals” requirement.
  • Service orgs where queue managers need oversight without being added to every team.
  • Regulated industries where the read-only oversight model maps to compliance requirements.

When to skip it

  • Matrix organizations where reporting lines change quarterly.
  • High-volume tables where the additional join is not worth it.
  • Any case where you actually need write, not just read.

What to do this week

Open Settings -> Security -> Hierarchy Security and confirm which tables it applies to. Remove activity tables. Then run a query as a senior manager and time the difference. Most environments save 30%+ on view load time.
