HI Wesley,
"1. When an account is created by a member X of Team A, it is not seen by Team B members - which is CORRECT"
--> Yes, it is not because of Team, but it is because you set User-Access level, Member A create an Account, let's say Account 1, then by default, the owner is the creator (unless you change the assignment), that is Member X. And of course member from Team B cannot see the record, because the Account 1 is owned by Member X and other members cannot see records not owned by them or by their team.
"2. When I login as member Y of Team A, I cannot see the record either - which is WRONG"
--> It is because previously, you set:
"And there are 2 security roles one for Team and other for Users. Both security roles have 'user-level' access to Account records."
So, yes, the highest level is the User Access (because both Team and User are having User-Access level to Account in security role).
Then the Member Y of Team A, cannot see the record from number 1, because it was still owned by member X. And your user + team are only having access until user level, so it means, correct, record owned by X is not seen-able by Member Y, member Y only can see records from Member Y himself, because the highest privilege you set is User.
So, for number 3:
"Now if I assign Owner of that record to 'Team A' then Point 2 is working correct."
--> Yes, if you set the Access level of A Team until User only, so the user can only see Records owned by himself or Records OWN by his Team.
And Account 1 (created from step1) as mentioned before is owned by Member X, not Team A, so it means, another member from Team A also cannot see this record, unless this record is belonging to TEAM as THE OWNER, not THE TEAM MEMBER, so to make it works, for this Team scenario, yes, you need to make the Records owned by A TEAM, not AN USER.
Basically, User and Team access level are similar, the difference is just User is an Individual, Team is a collection of user, if you set as User level, then the records must be owned by Team as well, once the records belong to Team, it means that all members are the 'owner' of this record, so that member can see each other.
But, you can do sharing between Team and Users as well if you feel not enough for this privilege. This will make complicated design. And also you can try Access Team.
Another workaround that is crossing my mind now is:
You split Team A, Team B into 2 different BU, BU A and BU B.
Then, you give Access to the Users to BU-level.
So that either the records is owned by Member X, Member Y, or a TEAM A, any member in team A can see the record, and members of Team B cannot see.
Hope this helps!
Thanks.
