We can use Hierarchy Security to implement complex security requirements. It lets us access data of the immediate reportee, the person who works under us. By default, Hierarchy Security is disabled. We can enable it and select which type of hierarchy security we are going to use. We can also set the depth of the hierarchy security, which defines the level at which we will be able to access data in the reportee hierarchy. We can exclude an entity if we don't want to access its data, as shown in the following screenshot:

There are two types of hierarchy security:

• Manager: This type of hierarchy security is implemented within the same business unit. Let's say we have three users A, B, and C, where user A is the manager of user B, and user B is the manager of user C. All of the users have user-level access in their security role, which means they can only access records owned by them, shared with them, and assigned to them. After implementing Manager security, user A can access and modify data of user B, as well as being able to access data of user C who is under their direct reportee (in our case, user B is the manager of user C).
• Position: This type of hierarchy is used to implement security based on the position of the user, and it is implemented in cross-business units. This security works similar to Manager security but is based on the position of the user instead of the manager.