Entity Based Access lets you restrict access to risks, controls, issues, and related objects based on the entities a user or group is associated with. Instead of relying on roles, you can scope data visibility to the business units, locations, or legal entities that are directly relevant to each user's responsibilities. Access automatically adjusts as assignments change, reducing the risk of unauthorized data exposure and keeping users focused on the records that matter to their work.
Entity Based Access is a framework that supports access configuration based on entities. For example, you can use it to restrict access to risks and controls for specific locations or entities to certain user groups or users.
This release adds new security restrictions, performance improvements, and localization updates to GRC Entity-Based Access.
- Audit Workspace restricts sensitive configurations: When Audit Workspace is installed alongside Entity-Based Access, access configuration records flagged as audit-relevant are now visible only to users with the Third Line Manager role. Hiding them from general users enhances audit security.
- Row-level query security enforced platform-wide: All Entity-Based Access tables now have platform-managed row-level query restrictions, so users see only the rows they are authorized to access in list views, reports, and REST queries. This improves security and performance.
- Preservation of custom query ACLs: During plugin installation and upgrades, custom query-level ACLs are detected and preserved by deactivating conflicting platform defaults. Customer customizations remain intact and clearly distinguished from system-supplied ACLs.
- Improved access resolution performance: The process that determines user access to parent records now deduplicates matching records within the database, resulting in faster list loads and access checks without changing which records users can see.
- Tightened authorization on table-label lookup: The internal service that returns display labels for Entity-Based Access reference tables now checks read permissions before returning the label, preventing unauthorized users from seeing table names in the user interface.
- Localization updates in 23 languages: Translations for system messages, UI labels, and documentation have been refreshed across 23 languages, improving the experience for non-English speakers and translating previously missing strings.
The following GRC applications must be installed and active:
- GRC: Profiles (com.sn_grc)
- GRC: Common Workspace Elements (com.sn_grc_workspace)