¶ Organizational Inheritance in Diri
The organizational structure in Diri is not only a way to reflect how your business is organised — it is a core element of the system’s security and configuration model. Each organisation can be built as a hierarchical tree with multiple sub-levels, allowing for granular control of access, visibility, and configuration across departments, subsidiaries, or projects.
Inheritance ensures consistency and reduces administrative effort. Global settings are defined at the top organizational level and can be set to be inherited downwards in the application. This guarantees that company-wide rules and configurations are uniformly enforced across the entire organisation without the need for repetitive setup in each sub-level.
¶ Inheritance of settings
The top level inheritance setting dictates the behavior of sub-levels. Settings, such as risk matrix configurations, information classification levels, and restricted roles, can be inherited from the top level and downwards in the hierarchy. Inheritance dictates if the sub-level should inherit the settings from a higher branch and if they should be allowed to override them. Inheritance settings are only accessible to admins.
The settings are accessed through the organisational settings:
Select the “Inheritance” tab, here you will be met with four options.
Settings:
- Inherit - Determines if settings will be inherited in the org tree.
- Allow modification - Determines if admins on sub-levels will be allowed to edit the settings on their level. A setting change in a sub-org will not affect upwards, or affect data aggregation. E.g. a 3x3 risk matrix on a sub-level aggregates into a 4x4 risk matrix on a higher level.
Restricted roles:
- Inherit - Determines if the restricted roles settins will be inherited in the org tree. The settings for restriced roles are set in Roles & Access for User Risk and User Privacy.
- Allow modification - Determines if admins on sub-levels will be allowed to edit the settings on their level.
¶ Use cases for the top level settings
¶ Top level settings as unchangable master
If you wish for the organization to use the top level settings without the ability to edit, set it to “Inherit = Yes”, and "Allow modifications = No"
This configuration will show up as in the following picture for users and admins on sub-levels:
¶ Top level settings inherited, but changable (overridden) on sub-levels
If you want the sub-levels to be able to see the top level configuration, but retain the ability to change them. Enable both inheritance and modify.
¶ Inheritance settings for other things in Diri
¶ Assets, threats, and vulnerabilities
Inheritance settings for asset, threats, and vulnerabilities are found through the managed tables, use configure for the list and select “Can modify” and “Use Inherited” to view and edit the status:
¶ Other settings
Several of the settings have the option to inherit individual items, the inheritance button is shown below and dictates if an item will be accessible only on the organizational level or throughout the whole tree:
