dave8
Impactful Individual

How does Parent Business Unit work?

Hello,

 

As per my understanding, users in the Parent BU will have access to every child BU's resources that come under that parent BU.

Please find the setup as follows:

| BU | Parent BU | Team | Team Security Role | User |
|---|---|---|---|---|
| IT001 Admin BU | OrgBU | IT001 Group Team | App Security Role | IT001U1 |
| IT002 BU | IT001 Admin BU | IT002 Group Team | App Security Role | IT002U1 |
| IT003 BU | IT001 Admin BU | IT003 Group Team | App Security Role | IT003U1 |
| IT004 BU | IT001 Admin BU | IT004 Group Team | App Security Role | IT004U1 |

Security Role is scoped at BU level for write and delete operations, while the rest of the operations are at org level.

Now, as per the above setup, I assume user IT001U1 can have access to everything created under IT001 Admin BU; however, records are still behaving as per the security role assigned to IT001U1.

Can you please clarify what access level users get when added to the Parent BU? What is the importance of adding a user to the Parent BU?

 

Thanks and Regards,

1 ACCEPTED SOLUTION

Mira_Ghaly
Dual Super User II

Hi @dave8 

It depends on how you configure your security role, so if the user is in the Parent Organization and needs to access records in the Child organization, the access should be as below:

[Image: Mira_Ghaly_0-1597136553511.png]

If this post helps you with your problem, please mark your as Accepted solution.

If you like my response, please give it a Thumbs Up.

MG (Naturally Curious)


8 REPLIES 8
dave8
Impactful Individual

Hi @Mira_Ghaly 

 

Thank you for your response, it was very helpful. I see after changing the BUs of users and Security role with Child-Parent BU scope, users from parent BU can work on records created by users from child BU - if both the users have the same security role assigned and hence app.

So, this is about the CDS records impact with parent-child BUs; however, how about the app?

Let's assume that a user from a child BU has created an app, then will this app be visible to a user from the parent BU? Or can it only be visible if the user is assigned the app's security role?

How to make a user from the Parent BU see everything (app, entity, records - anything in D365) done by a user from the Child BU?

 

Thanks,
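
The behaviour discussed in the posts above, as an added example that is not part of the original thread: a simplified Python model of how the privilege depth on a security role (User, Business Unit, Parent: Child Business Units, Organization) decides access across the BU hierarchy from the question's table. It assumes each user holds the role directly and that a record belongs to its owner's BU; the function and variable names are hypothetical.

```python
from enum import IntEnum

class Depth(IntEnum):
    NONE = 0
    USER = 1           # only records the user owns
    BUSINESS_UNIT = 2  # records owned inside the user's own BU
    PARENT_CHILD = 3   # the user's BU plus every BU beneath it
    ORGANIZATION = 4   # every record in the environment

# BU -> parent BU, taken from the table in the question.
PARENT = {"IT001 Admin BU": "OrgBU", "IT002 BU": "IT001 Admin BU",
          "IT003 BU": "IT001 Admin BU", "IT004 BU": "IT001 Admin BU"}
USER_BU = {"IT001U1": "IT001 Admin BU", "IT002U1": "IT002 BU",
           "IT003U1": "IT003 BU", "IT004U1": "IT004 BU"}

def is_same_or_descendant(bu, ancestor):
    """True when bu is ancestor itself or sits below it in the hierarchy."""
    while bu is not None:
        if bu == ancestor:
            return True
        bu = PARENT.get(bu)
    return False

def can(user, privilege, owner, role):
    """Evaluate one privilege of role for user on a record owned by owner."""
    depth = role.get(privilege, Depth.NONE)
    if depth == Depth.ORGANIZATION:
        return True
    if depth == Depth.PARENT_CHILD:
        return is_same_or_descendant(USER_BU[owner], USER_BU[user])
    if depth == Depth.BUSINESS_UNIT:
        return USER_BU[owner] == USER_BU[user]
    if depth == Depth.USER:
        return owner == user
    return False

# Role as described in the question: write/delete at BU level, the rest at org level.
ROLE_AS_POSTED = {"read": Depth.ORGANIZATION, "write": Depth.BUSINESS_UNIT,
                  "delete": Depth.BUSINESS_UNIT}
# Same role with write/delete raised to Parent: Child Business Units.
ROLE_PARENT_CHILD = {**ROLE_AS_POSTED, "write": Depth.PARENT_CHILD,
                     "delete": Depth.PARENT_CHILD}

def write_matrix(role):
    """Map (user, owner) -> whether user may write a record owned by owner."""
    return {(u, o): can(u, "write", o, role) for u in USER_BU for o in USER_BU}
```

With the role as posted, placing IT001U1 in the parent BU adds no write access to child-BU records; only raising the privilege depth does, and it never grants access upward or across sibling BUs.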

 

Mira_Ghaly
Dual Super User II

@dave8 

What type of app are you referring to?

dave8
Impactful Individual

Anything created by a user from a child BU under D365, so Model-driven App.

How to make a user from the Parent BU see everything (app, entity, records - anything in D365) done by a user from the Child BU?

 

Thanks and Regards,

Mira_Ghaly
Dual Super User II

@dave8 

When a Model Driven App is created, the users accessing the app will be dependent on the Security Role assigned to the app, so any user with the same security role assigned to the app can access the Model Driven App.

For a Canvas app, any user with whom the canvas app is shared can access the app.

Of course, this is based on the licenses assigned to the users.

 

dave8
Impactful Individual

Yes, this information I am aware of; however, does it mean that a user from the parent BU must have the security role assigned to the app, even if the app is shared with a parent-child BU scope role to a user from the child BU, in order to see an app created in D365?

Meaning, there is nothing like Admin rights on a group of teams - but it's all about "Security Role" assignment to the user/app?

 

Thanks and Regards,

Mira_Ghaly
Dual Super User II

@dave8 

Exactly, for the Model Driven app it is all dependent on the Security Role.

dave8
Impactful Individual

Thank you for your time on this! Awesome you!

 

Regards,
