Consider the below Business Entity hierarchy:
Level 0 BE -> Level 1 BE -> Level 2 BE -> Level 3 BE
If a users security context point is /Level 0 BE/Level 1 BE/Level 2 BE/Level 3 BE, then the user can still access the details of all the top level Business Entities in the primary parent path of 'Level 3 BE'. Instead of granting full READ access to the Parent BEs, wouldn't it be better to just provide Navigational access where you can navigate from Level 0 BE to Level 3 BE but the user cannot view details of Level 0 BE through Level 2 BE.
Yes, we can apply Field Level Security Rules, but just granting navigational access would be a much cleaner approach as there is a maintenance involved (to the rules) when new fields are added.
|Priority||Medium - Important|