In Foundry Project - access control

Hi

Guidance and best practice needed based on secnario descriped below

New Project for Two User Groups:

  1. Management/Admin:
  • Admins can create individual folders for each end-user.
  • Admins will have full access to all folders and files within them.
  • Admins will be able to move given folders and files created by given end-user to other folder
  1. End-Users-group-a:
  • End-Users-group-a will only have access to the specific folder assigned as owner to them by the admin.
  • End-Users-group-a will not be able to access folders belonging to other users.
  • End-Users-group-a will be able to give access as editor to a specific folder and files within. Or, given editor roll to files in a folder

You can create a multipass group for group A and B, give A the owner role, and give B only editor/viewer roles.
You might not be able to give roles at the folder/resource level anymore depending on your deployment (that may have been turned off by your platform administrators), as the direction of the governance is to give permissions at the project level, to simplify maintenance work.
As such, it would be strongly recommended to create different projects hosting the resources that need to be permissioned differently, with group A being owner of all.