Dynamics CRM has the ability to assign users/teams with multiple security roles. This is ideal for medium to small scale organizations. Particularly, in scenarios where, within an organization there are no dedicated teams or individuals to perform certain tasks. Therefore set of business specific tasks can be shared among one or two individuals and the relevant security roles can be associated with the user(s).
When I describe about Business Units in one of my previous articles, I explained that business units defined the scope or the boundary for what people have access to. Within each business unit there will be security roles defined the accessibility for users. So it makes sense for a security roll to be associated with a business unit. Therefore at the point of creating the security role, you must associate the relevant business unit.