Table/record ownership
Dataverse supports two types of record ownership: organization owned and user or team owned. Record ownership is a choice that happens when you create the table, and you can't change it afterward. For organization-owned records, the only access level choices are that the user can do the operation or they can’t.
For user and team-owned records, the access level choices for most privileges are:
Organizational
Business unit
Business unit and child business unit
Only the user’s own records
Record ownership in Modernized Business Units
In Modernized Business Units, you can have users be owners of records across any business units. Users only need a security role (any business unit) that has Read privilege to the table. Users don't need to have a security role assigned in each business unit where the record resides. Using this capability requires some adjustments to your organization settings. For more information, see Record Ownership in Modernized Business Units.
Record sharing
You can share individual records on a one-by-one basis with another user. This method is a powerful way of handling exceptions that don’t fall into the record ownership or member of a business unit access model. However, this approach should be an exception because it’s not an efficient way of controlling access. Sharing is more difficult to troubleshoot because it's not a consistently implemented access control.
You can share at the user and team level. Sharing with a team is a more efficient way of sharing. A more advanced concept of sharing is with Access Teams, which provides auto creation of a team and sharing of record access with the team based on an Access Team Template (template of permissions) that's applied. You can also use access teams without the templates, with manual add/remove of its members. Access teams are more efficient because they don’t allow the team to own records or require that you assign security roles to the team. Users get access because the record is shared with the team and the user is a member.
Record-level security in Dataverse
A user's access to a record is the combination of all their security roles, the business unit that they're associated with, the teams that they're members of, and the records that are shared with them. All access in Dataverse is accumulative across all of those concepts in the scope of a Dataverse database environment. These entitlements are only granted in a single database and are individually tracked in each Dataverse database, requiring a user to have an appropriate license to access Dataverse.