Record ownership across Business Units: under the hood

Record ownership across Business Units (aka Matrix data access structure) is a powerful and long-awaited feature, that bridges an existing gap between Power Platform / Dynamics and competitors such as Salesforce that for years had similar features.

It can be enabled via PPAC using the following steps:

1. Select the environment where you want to enable the feature
2. Click on Settings

1. Expand the Product node and select Features

1. Search for Record ownership across Business Units

1. Click on the toggle button to enable the feature and then Save.

The operation may take a while, grab a coffee ☕ and wait 😉.

🔍 Under the hood

That flag value is technically stored in the orgdborgsettings field of the organization table. That field is a special field designed to hold organization settings in a flexible, xml based, way.

Its content is similar to the following one:

<OrgSettings>
    <IsCommandingModifiedOnEnabled>true</IsCommandingModifiedOnEnabled>
    <CanCreateApplicationStubUser>false</CanCreateApplicationStubUser>
    <EnableActivitiesTimeLinePerfImprovement>1</EnableActivitiesTimeLinePerfImprovement>
    <EnableActivitiesFeatures>1</EnableActivitiesFeatures>
    <AllowRoleAssignmentOnDisabledUsers>false</AllowRoleAssignmentOnDisabledUsers>
    <IsRetentionEnabled>true</IsRetentionEnabled>
    <IsArchivalEnabled>true</IsArchivalEnabled>
    <TDSListenerInitialized>1</TDSListenerInitialized>
    <EnableOwnershipAcrossBusinessUnits>true</EnableOwnershipAcrossBusinessUnits>
    <IsPreferredSolutionEnabled>true</IsPreferredSolutionEnabled>
    <RecomputeOwnershipAcrossBusinessUnits>true</RecomputeOwnershipAcrossBusinessUnits>
    <IsLinkToFabricEnabled>true</IsLinkToFabricEnabled>
    <IsFabricVirtualTableEnabled>true</IsFabricVirtualTableEnabled>
    <AllowAccessToTDSEndpoint>false</AllowAccessToTDSEndpoint>
    <SourceControlIntegrationScope>SolutionScope</SourceControlIntegrationScope>
    <IsAiSuggestFormulaColumnEnabled>false</IsAiSuggestFormulaColumnEnabled>
</OrgSettings>

When you enable the Record ownership across Business Units flag, the following tag is added to the XML:

<EnableOwnershipAcrossBusinessUnits>true</EnableOwnershipAcrossBusinessUnits>

💡 Additional, useful, settings to be aware of

AlwaysMoveRecordToOwnerBusinessUnit

When allow record ownership across business units is enabled, the Owning Business Unit column can be explicitly updated regardless of the value of the Owner column.

If you change the Owner column, however, by default the Owning Business Unit column is automatically updated with the business unit of the new Owner.

You can disable this behavior by updating the following orgsetting:

<AlwaysMoveRecordToOwnerBusinessUnit>false</AlwaysMoveRecordToOwnerBusinessUnit>

DoNotRemoveRolesOnChangeBusinessUnit

When you change an user business unit (via PPAC or programmatically), by default all roles of the current user are removed and need to be reassigned manually.

This behavior is desirable on the classic security model, but may be unwanted when the Record ownership across Business Units is enabled.

If you want you can disable this default behavior by setting:

<DoNotRemoveRolesOnChangeBusinessUnit>true</DoNotRemoveRolesOnChangeBusinessUnit>

🔚 Conclusions

Understanding how Dataverse handles record ownership across business units isn't just a matter of curiosity—it's essential knowledge for designing secure, scalable, and maintainable solutions. By peeling back the layers and examining how references, ownership, and access control behave under the hood, we gain the confidence to implement complex business scenarios without relying solely on trial and error.

I've already used this new capability in several occasions, and it's a real game changer. It allows you to accomplish goals that once required complex teams structure and a lot of custom code... but what about you?

Have you run into surprising behavior with record ownership or access across business units? Drop your experiences in the comments—let’s keep the conversation going and empower each other to build better solutions on Power Platform.

📚 References

• Matrix data access structure (Modernized Business Units)
• Configure table relationship cascading behavior > About the assign action
• Create or edit business units
• Youtube - Modernize business units by Paul Liu
• Youtube - First look at Modernized Business Units in Microsoft Dataverse by Scott Durow

Comments

[Mike]

I see it's been a while since you've posted, but I'm curious—how have your thoughts on scaling ownership mapping evolved since then? I'm working through a similar challenge and wondering if you'd still recommend relying on lookup tables, or if something like row-level security gave you better flexibility long-term. Anyone else here run into roadblocks with ownership logic across teams?

[Riccardo Gregori]

It's not a matter of flexibility, it's a real security constraints.
Be always aware that there are plenty of ways to access a dataverse table, and platform security is the only actually secure way to keep things private.