A common design would be:
- Create Sales Representative Security Role with User-level access.
- Create Sales Manager Security Role with Business Unit-level access.
- Organize users into appropriate Business Units.
- Assign security roles according to responsibilities.
Result:
- Representatives see only their own opportunities.
- Managers see opportunities owned by everyone in their Business Unit.
This approach follows Microsoft security best practices and scales well in enterprise environments.