Configure access control

  • Release version: Yokohama
  • Updated November 27, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configure Access Control

    This guide provides a step-by-step process for configuring Entity-based Access Control (EBA) in Privacy Management. This setup allows organizations to restrict user access to processing activity records based on their position within the organizational hierarchy, promoting security and compliance with regulations.

    Show full answer Show less

    Key Features

    • Entity-based Access Activation: Install the Entity-based access plugin and enable the corresponding property to activate EBA features.
    • Organizational Structure Setup: Establish a parent-child hierarchy of entities, ensuring proper mapping for access control.
    • User Access Assignment: Grant access to individual users or groups based on their roles within the organizational structure, with options for applying access to downstream entities.
    • Bulk Access Update: Transition from role-based access to entity-based access across multiple records, with a preview option to validate changes prior to finalizing updates.
    • Continuous Monitoring: Implement entity-based record access rules for automatic enforcement of access settings on new or modified records.

    Key Outcomes

    By following these steps, administrators can ensure that privacy teams and users have access only to the records relevant to their assigned entities, enhancing data security and supporting compliance efforts. The automated update of access controls when entity structures change further streamlines management and oversight of sensitive data.

    Describes the step-by-step process for configuring Entity-based access control in Privacy Management, including property activation, hierarchy setup, record mapping, user assignment, bulk updates, and activating entity-based record access rules.

    The following steps outline how to configure access control in Privacy Management using Entity-based access (EBA). This process enables organizations to restrict user access to processing activity records and related data according to their position in the organizational hierarchy. By following these steps, administrators can ensure that privacy teams and users only access records relevant to their assigned entities, supporting both security and regulatory compliance.

    1. Install Entity-based access plugin and enable the entity-based access control property. This activates entity-based access features and allows you to configure access restrictions by legal entity.

      For information, see Configure Entity-based access.

    2. Establish the organizational structure (parent-child relationships), where a global entity contains regional entities, and those in turn contain country-level entities.

      For information, see Add hierarchical relationships between entities.

    3. If processing activities already exist, map each record to the appropriate entity in the organizational hierarchy, ensuring it is correctly linked as a downstream entity under the relevant legal entity, jurisdiction, or other defined structure. This guarantees that access restrictions are enforced accurately, as each record is tied to the correct part of the organization.
    4. In the Entity Configuration module, do the following:
      • Provide access to teams and users based on your organizational structure. You can grant access to individual users, such as entity owners or privacy analysts, or to groups.
      • Specify whether access applies only to the selected entity or also to downstream entities. This step ensures that only the appropriate teams or users can access records for their part of the organization.

      For information, see Create an entity configurations.

    5. Run a bulk access update to switch from role-based access to entity-based access for all applicable records. Bulk Access Update enforces entity-based access restrictions across relevant records in Privacy Management.
      When performing a bulk update:
      • Select the entity configuration and associated entities.
      • Choose the tables where restrictions apply (for example, Processing Activity or Privacy Assessment).
      • Preview the affected records to validate changes.
      • Enable the update to apply restrictions.
      The system queues a scheduled job that processes the update and applies the new access rules to all selected records.

      For information on how to run batch updates, see Set access restrictions using an entity based record access update utility.

    6. Use entity-based record access rules to enable continuous monitoring. These rules automatically apply restrictions to new or modified records, ensuring access settings stay enforced without manual updates. When the structure of the entities change, the system updates access controls automatically.

      For information on how to configure entity-based record access rules, see Set Entity based record access rules.