Entities

    Organisational hierarchy — offices, departments, and teams

    What are Entities?

    Entities represent your organisation's structure inside Anzen. An entity can be an office, a department, a team, or any other organisational unit you want to model. They form a tree-shaped hierarchy: every entity can have a single parent and any number of children.

    Each entity has a name and an optional parent. Top-level entities (offices, divisions) have no parent. Sub-entities (departments, teams) sit underneath their parent, creating an organisational tree of any depth.

    Why Entities Matter

    Almost everything in Anzen is scoped to an entity. When you create a configuration item, a ticket, an application, a control, or an issue, you assign it to an entity. This scoping drives two critical features:

    • Data organisation — filter and view resources by department, office, or team.
    • Permission inheritanceroles scoped to a parent entity automatically apply to all its children.

    Parent-Child Relationships

    The entity hierarchy lets you nest entities to any depth. For example:

    • Global HQ (no parent)
    •   ↳ EU Office (parent: Global HQ)
    •     ↳ EU Engineering (parent: EU Office)
    •     ↳ EU Sales (parent: EU Office)
    •   ↳ US Office (parent: Global HQ)

    What Entities Scope

    The following areas are linked to an entity:

    • Configuration items — every asset belongs to exactly one entity.
    • Applications — each application is owned by an entity.
    • Tickets — incidents, problems, and changes are filed against an entity.
    • Controls — security controls are scoped to an entity.
    • Issues — risk findings belong to an entity.
    • Roles — roles can be scoped to a specific entity to restrict their effect.
    • Business processes — processes can be linked to multiple entities.

    Permission Inheritance

    When a role is scoped to an entity, its permissions automatically cascade down through the hierarchy. A role scoped to "EU Office" also grants access to "EU Engineering" and "EU Sales" — no additional configuration needed.

    When checking a permission on a child entity, Anzen looks upward through all parent entities to see whether any of the user's roles apply. This means you only need to configure access once at the appropriate level.

    Archiving and Restoration

    When you delete an entity, it is archived rather than permanently removed. Archived entities are hidden from everyday views but can be restored at any time. This protects against accidental data loss — particularly important because deleting an entity affects every resource scoped to it.