web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
🚀 Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / How Parent Business Un...
Power Apps
Answered

How Parent Business Unit works?

(0) ShareShare
ReportReport
Posted on by Dave Wi

Hello,

 

As per my understanding, users in Parent BU will have access on every child BUs resources that comes under that parent BU.

 

Please find the setup as follows:

 

BUParent BUTeamTeam Security RoleUser
IT001 Admin BUOrgBUIT001 Group TeamApp Security RoleIT001U1
IT002 BUIT001 Admin BUIT002 Group TeamApp Security RoleIT002U1
IT003 BUIT001 Admin BUIT003 Group TeamApp Security RoleIT003U1
IT004 BUIT001 Admin BUIT004 Group TeamApp Security RoleIT004U1

Security Role is scoped at BU level for write and delete operations while rest of the operations are at org level.

 

Now, as per the above setup, I assume, user IT001U1 can have access on everything created under IT001 Admin BU, however records are still behaving as per the assigned security role to IT001U1.

 

Can you please clarify, what access level users get when added into the Parent BU? What is the importance of adding user into Parent BU?

 

Thanks and Regards,

Categories:
Governance & administering
I have the same question (0)
  • Verified answer
    Mira Ghaly Profile Picture
    Mira Ghaly 11,415 Moderator on at

    Hi @dave8 

    It depends on how you configure your security role , so if the User in Parent Organization and needs to access records in the Child organization so the access should be as below:

    Mira_Ghaly_0-1597136553511.png

     

     

    If this post helps you with your problem, please mark your as Accepted solution.

    If you like my response, please give it a Thumbs Up.

    MG (Naturally Curious)

  • Dave Wi Profile Picture
    Dave Wi on at

    Hi @Mira_Ghaly 

     

    Thank you for your response, it was very helpful.I see after changing the BUs of users and Security role  with Child-Parent BU scope, users from parent BU can work on records created by users from child BU - If both the users have same security role assigned and hence app.

     

    so, this is about the CDS records impact with parent-child BUs, however how about the app.

     

    Let's assume that user from child BU has created an app, then will this app be visible by user from parent BU? or it can only be visible if user is assigned with the app's security role?

     

    How to make user from Parent BU to see everything (App,entity,records - anything in D365) done by user from Child BU?

     

    Thanks,

     

  • Mira Ghaly Profile Picture
    Mira Ghaly 11,415 Moderator on at

    @dave8 

    What type of app you are referring to?

  • Dave Wi Profile Picture
    Dave Wi on at

    anything created by user from child BU under D365, so Model driven App.

     

    How to make user from Parent BU to see everything (App,entity,records - anything in D365) done by user from Child BU?

     

    Thanks and Regards,

  • Mira Ghaly Profile Picture
    Mira Ghaly 11,415 Moderator on at

    @dave8 

    When a Model Driven App is created , the users accessing the app will be dependent on the Security Role assigned to the App, So any user with the same security role assigned to the APP can access the Model Driven Apps.

     

    For Canvas app , any user whom the canvas app is shared with can access the App.

     

    Of course this is based on the Assigned Licenses to the users.

     

    If this post helps you with your problem, please mark your as Accepted solution.

    If you like my response, please give it a Thumbs Up.

    MG (Naturally Curious)

     

     

  • Dave Wi Profile Picture
    Dave Wi on at

    Yes, this information I am aware of, however does it mean that user from parent BU must have security role assigned to the app, even if the app is shared with parent-child BU scope role to user from child BU in order to see app created in D365 ?

     

    Meaning, there is nothing like an Admin rights on group of teams - but it's all about "Security Role" assignment to the user/app?

     

    Thanks and Regards,

  • Mira Ghaly Profile Picture
    Mira Ghaly 11,415 Moderator on at

    @dave8 

    Exactly for the Model Driven app it is all dependent on the Security Role.

  • Dave Wi Profile Picture
    Dave Wi on at

    Thank you for your time on this! Awesome you!

     

    Regards,

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
🚀 Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Valantis Profile Picture

Valantis 421

#2
WarrenBelz Profile Picture

WarrenBelz 345 Most Valuable Professional

#3
Kalathiya Profile Picture

Kalathiya 278 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans