Unanswered

¿Business Units or Teams?

(0) Share

Report

Posted on by guillem95

I have defined some business units for my environment, but I do not know how to define my security model. I would like to define an access model where users can see records owned by their group, and some privileged users who can see all records.

I am having trouble to set the team as default owner. Besides, I can achieve this easily using business units, but I have the following questions:

- When I have to use Business Unit and when I have to use Teams groups?

- Why assign users to teams while they are default members of the root business unit?

Thanks in advance!

Categories:

Microsoft Dataverse with Power Apps

I have the same question (0)

All responses (3)

Answers (0)

Fubar 8,338 Super User 2025 Season 2 on at

Like (0)

Report

If you need Separation and/or Segmentation of your data then you use Business Units i.e. you need data to be contained in such a way that users cannot View/update etc other business units data.

Business Units are in fact Teams. Each BU has a default Team and users created/moved to the BU become members of that default team (and are only ever part of 1 BU Team).
If you have a BU structure in place then you can Teams to access data that sit in other 'sibling' nodes of the structure (only limited ways you can do this without assigning Global privileges).

Why when part of default BU, this also depends on Security Role Privileges that you have assigned to the users/teams. Often you will have multiple Security Roles to restrict what sets of users can do at some point you may decide to Assign the privilleges to a Team rather than manage them against individual users i.e. Users inherit permissions of the Teams they belong to.

Was this reply helpful? Yes No
guillem95 on at

Like (0)

Report

Hello @Fubar ,

What I have understood is that Teams can own records instead of BU. Teams does not allow access to records of its members, if the record is owned by a user.

Let's suppose the following example:

User A belongs to "BU A", and he/she owns a record called "Example" in the Table A.
User B does not belong to the "BU A", but is member of a team, called "TEAM B", that belongs to the "BU A".

User B can write/read the record "Example" in the Table A?

Many thanks!!

Was this reply helpful? Yes No
Fubar 8,338 Super User 2025 Season 2 on at

Like (0)

Report

A record can be owned by either a User or a Team (both users and teams are bound to the BU they are assigned to i.e. team or user can only belong to 1 BU at a point in time).

A User will inherit privileges off of a Team they belong to Where the Team has been assigned a Security Role.

In your example User B does not get access to the records in BU A just because they are a member of Team B. They only get access if either User B has a Security Role with a Global privilege for the record in question OR Team B has been assigned a Security Role that has privileges to the record - in the Team part User B inherits privileges to BU A via the Security Role of Team B.

(note: at this point I am excluding anything to do with hierarchy or position based, and also record Sharing and access Team grids - as this opens another can or worms)

Was this reply helpful? Yes No