Configure access control

  • Release version: Xanadu
  • Updated November 27, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configure Access Control

    This guide outlines the configuration process for Entity-based access control (EBA) in Privacy Management. EBA allows organizations to limit user access to processing activity records and associated data based on their position within the organizational hierarchy, enhancing security and ensuring regulatory compliance.

    Show full answer Show less

    Key Features

    • Entity-based Access Plugin: Install and enable the plugin to activate EBA features for configuring access restrictions by legal entity.
    • Organizational Structure Setup: Establish parent-child relationships among entities, such as global, regional, and country-level entities.
    • Record Mapping: Map existing processing activity records to the corresponding entities to ensure accurate access enforcement.
    • User Access Assignment: Assign access permissions to individual users or groups based on the organizational structure, determining whether access applies solely to the selected entity or also to downstream entities.
    • Bulk Access Update: Switch from role-based to entity-based access for multiple records, applying restrictions across selected tables after validating affected records.
    • Continuous Monitoring: Implement entity-based record access rules to maintain updated access settings automatically for new or modified records.

    Key Outcomes

    By following these steps, administrators can ensure that only authorized privacy teams and users access relevant records, enhancing data security and supporting compliance with regulatory standards. The automatic updates of access controls streamline ongoing management as organizational changes occur, reducing the need for manual intervention.

    Describes the step-by-step process for configuring Entity-based access control in Privacy Management, including property activation, hierarchy setup, record mapping, user assignment, bulk updates, and activating entity-based record access rules.

    The following steps outline how to configure access control in Privacy Management using Entity-based access (EBA). This process enables organizations to restrict user access to processing activity records and related data according to their position in the organizational hierarchy. By following these steps, administrators can ensure that privacy teams and users only access records relevant to their assigned entities, supporting both security and regulatory compliance.

    1. Install Entity-based access plugin and enable the entity-based access control property. This activates entity-based access features and allows you to configure access restrictions by legal entity.

      For information, see Configure Entity-based access.

    2. Establish the organizational structure (parent-child relationships), where a global entity contains regional entities, and those in turn contain country-level entities.

      For information, see Add hierarchical relationships between entities.

    3. If processing activities already exist, map each record to the appropriate entity in the organizational hierarchy, ensuring it is correctly linked as a downstream entity under the relevant legal entity, jurisdiction, or other defined structure. This guarantees that access restrictions are enforced accurately, as each record is tied to the correct part of the organization.
    4. In the Entity Configuration module, do the following:
      • Provide access to teams and users based on your organizational structure. You can grant access to individual users, such as entity owners or privacy analysts, or to groups.
      • Specify whether access applies only to the selected entity or also to downstream entities. This step ensures that only the appropriate teams or users can access records for their part of the organization.

      For information, see Create an entity configurations.

    5. Run a bulk access update to switch from role-based access to entity-based access for all applicable records. Bulk Access Update enforces entity-based access restrictions across relevant records in Privacy Management.
      When performing a bulk update:
      • Select the entity configuration and associated entities.
      • Choose the tables where restrictions apply (for example, Processing Activity or Privacy Assessment).
      • Preview the affected records to validate changes.
      • Enable the update to apply restrictions.
      The system queues a scheduled job that processes the update and applies the new access rules to all selected records.

      For information on how to run batch updates, see Set access restrictions using an entity based record access update utility.

    6. Use entity-based record access rules to enable continuous monitoring. These rules automatically apply restrictions to new or modified records, ensuring access settings stay enforced without manual updates. When the structure of the entities change, the system updates access controls automatically.

      For information on how to configure entity-based record access rules, see Set Entity based record access rules.