Scoped Visibility

Access control isn't just 'can they do it?' It's 'what should they even see?' Most systems push that responsibility into your application. Canopy enforces it at the API level. Users only see the parts of the hierarchy where they have assignments. Everything else never leaves the server.

Visibility Is Not Filtering

Scoped visibility is not a frontend convenience. It's a server-side guarantee. When a user requests the hierarchy tree, Canopy returns only the nodes at and below their assignment points. Unauthorized nodes don't get filtered out. They never get fetched. If a user shouldn't see it, it never leaves the server.

What Changes with Scoped Visibility

Without scoped visibility, your application has to filter results client-side or build custom query logic per user. With Canopy, the API does the scoping for you.

Without scoped visibility

  • Frontend filters nodes after fetching everything
  • Custom query logic per user role
  • Risk of exposing unauthorized data

With Canopy

  • API returns only accessible nodes
  • No client-side filtering needed
  • Unauthorized data never leaves the server

How It Works

Canopy's hierarchy access service determines which nodes an identity can see based on their role assignments. A regional manager assigned at 'West Region' sees that region and everything below it. A team lead assigned at a specific team sees only that team. A global admin sees the entire tree.

Automatic Scope Updates

When assignments change, visibility updates instantly. Promote someone to a higher node and they immediately see more of the tree. Remove an assignment and those nodes disappear from their view. No cache to invalidate, no permissions to recalculate manually.

Built for Permission-Aware Applications

Scoped visibility enables hierarchical navigation UIs, permission-aware dashboards, filtered APIs without custom query logic, and secure multi-tenant data access. Your application doesn't need to understand the hierarchy. Canopy enforces it for you.

Example: Regional Access in a Multi-Office Organization

A company with 50 offices across 5 regions assigns regional managers at each region node. Each manager sees only their region's offices, teams, and identities. The CEO, assigned at the root, sees everything. A new office added under West Region is immediately visible to the West regional manager and invisible to anyone not assigned at or above West Region.
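A minimal sketch of the subtree scoping described under How It Works and in the regional example above, added here for illustration; it is not Canopy's code or API. The `Hierarchy` class, its methods, and every node and identity name other than 'West Region' are assumptions.

```python
from collections import defaultdict


class Hierarchy:
    """Toy in-memory hierarchy (hypothetical model, not Canopy's API)."""

    def __init__(self):
        self.children = defaultdict(list)     # node -> child nodes
        self.assignments = defaultdict(set)   # identity -> assignment points

    def add_node(self, node, parent=None):
        self.children[node]  # register the node even if it has no children yet
        if parent is not None:
            self.children[parent].append(node)

    def assign(self, identity, node):
        self.assignments[identity].add(node)

    def unassign(self, identity, node):
        self.assignments[identity].discard(node)

    def visible_nodes(self, identity):
        """Walk down from each assignment point. Nodes outside those
        subtrees are never read, so there is nothing to filter out later."""
        seen, stack = set(), list(self.assignments[identity])
        while stack:
            node = stack.pop()
            if node not in seen:
                seen.add(node)
                stack.extend(self.children[node])
        return seen


def build_sample():
    # Constructed sample data modelled on the regional example above.
    h = Hierarchy()
    h.add_node("Root")
    for region in ("West Region", "East Region"):
        h.add_node(region, "Root")
    h.add_node("Seattle Office", "West Region")
    h.add_node("Boston Office", "East Region")
    h.add_node("Seattle Team A", "Seattle Office")
    h.assign("ceo", "Root")
    h.assign("west_mgr", "West Region")
    h.assign("east_mgr", "East Region")
    h.assign("team_lead", "Seattle Team A")
    return h
```

Because this sketch resolves scope from the current assignments on every call, adding a node or removing an assignment changes the result of the next request without any separate recalculation step.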
