Hi Amit,
From my understanding, you don't need separate encryption keys for each supervisor or division. The encryption keys protect recordings at the organization level, while access is controlled through roles, permissions, and divisions.
For your first question, division administrators can be granted access to recordings within their assigned division. However, I don't believe Genesys Cloud natively restricts recording playback based on a supervisor's direct reports. If each supervisor has a dedicated queue, queue-based permission conditions may help scope access. Otherwise, access is typically managed at the division level rather than by manager/subordinate relationships.
For your second question, if you embed recording playback into a third-party application, the application doesn't need to manage or select encryption keys. Genesys Cloud handles decryption transparently based on the authenticated user's permissions and the organization's encryption key configuration.
Hope this helps.
------------------------------
Phaneendra
Technical Solutions Consultant
------------------------------