I am working on a Dynamics 365 project (v9.1) that has several organization environments using Sandboxes such as DEV, then a few others such as QA, etc, and finally PROD for example.
I have been told that any Security Role changes to Business Units have to be manually performed on each environment.
The reason I have been told for this is that when an environment is created the default parent business unit name is generated uniquely by default by Dynamics 365 and this results in each of the environments having different parent business unit GUIDs and this adversely affects children business units, teams, etc, so the security model each environment has to be done manually per environment.
I am very new to Dynamics 365, but it doesn't quite seem intuitively correct that Dynamics 365 would require me to make security changes manually on each environment (rather than encapsulating them within a solution from DEV).
My questions are:
- Why are sandbox default parent business unit GUIDs not the same as PROD?
- What is the correct approach so that I only have to make business unit, team, and security role changes on DEV sandbox and then export/deploy as solutions up the chain to PROD?