Have parent child business units. Business Unit : A- parent, A1-child of A , A2 child of A , User : X , Entity : Account , Security for Account - Parent child(read).
When the user clicks on account, he can view only A1 and A accounts/records. But not accounts/record from A2. What access to be provided to X for just viewing/read only to A2 accounts/records