This function is available only for super administrators and administrators with member and department permission.

I. Intro

To ensure data security and privacy, administrators can set the scope of the organizational structure that users see in their Contact ＞ Organization page in the Lark app.

II. Steps

Go to the Lark Admin Console.
From the left navigation, click Security > User Permissions > Visible Scope Of Organization.

Admins can then edit the main and supplementary rules that control the visibility scope of their organization's structure.

Main rules management

On the Visible scope of organization page, click Edit in the upper-right corner. Then, under the Main Rule section, select one of the following options: User can see anyone, User can see their unit, User can see their department, and User can't see anyone. Then, click Save to set the main rule.

Note: To set the User can see their unit rule, you must enable the "manage company unit" function. To learn more, see How to manage company units in admin console

The permissions for each of the main rules are described below:

User can see everyone: All users in the organization can see all other members.

User can see their unit: Organization members can only see the organizational structure of their own unit.

If a user under this rule doesn't belong to any units, then that user will follow the User can see their department main rule.

User can see their department: Members can only view people that are in their department and sub-departments.

User can't see anyone: No one in the organization can view anyone else.

If User can't see anyone is selected, you can also choose to select Supervisors can see their supervised department. If selected, then by default, no one in the organization can see anyone else. However, department supervisors can see everyone in the department and sub-department that they manage.

Click Save.

Supplementary rules

Click Add Rule Set to create a rule set.

You can edit rules in the new rule set. You can select Subject and Object through the selection component, and select Can access or Can't access. You can also click Add Rule to add more rules.
Click Save.
For supplementary rules, users, departments, and user groups can be added as subjects, and users and departments can be added as objects.

The permissions corresponding to the supplementary rules are described below:

When a user is affected by the subject of the supplementary rule (that is, the user is a rule subject, in the department of the rule subject, or in the user group of the rule subject), then whether the user can see the objects in the supplementary visibility rules depends on the supplementary rules. Also, whether objects other than the objects of the supplementary rules are visible to the user depends on the main rules.
When a user is affected by the subject of multiple supplementary rules, if the actions of multiple rules are either Can access or Can't access, then it will be a collection of rule objects that can be or can't be accessed by the end user.
When a user is affected by the subject of multiple supplementary rules, if multiple rules are both Can access and Can't access and the can access or can't access objects overlap, they will be handled according to the default priority settings, which are as follows:

If there is a parent-level department and sub-department relationship, the sub-department takes priority. For example, if Rule 1 allows User A access to Department 1, Rule 2 doesn't allow User A access to User B, and User B is part of Department 1, then User A has access to everyone in Department 1 except for User B.

If there isn't a parent-level department and sub-department relationship, then the Can't access rule takes priority. For example, if Rule 1 allows User A access to Department 1 and Rule 2 doesn't allow User A access to Department 1, then User A doesn't have access to Department 1.

If you need to manually adjust the priorities of the supplementary rules, click Add Rule Set. You can create up to 2 rule sets. The rules in Rule Set 1 take precedence over those in Rule Set 2.

Verify permission rules

You can click Verify Permission Rules to verify whether the rules you've created work as expected.

On the Verify Permission Rules window, enter the subject and object and click Verify to see if the subject can view the object under the current permission rules.