I'm the owner of a business. I have a Network Administrator that I would like to give access to our file server to perform standard network admin activities on (patches, app installs, backups, etc.), however there are certain files I would not like him to access on that server (HR, Payroll, personal, etc.).
Is there a permissions setting or something I can give him that lets him do network admin stuff on the server but prevents him from having access to sensitive data?
Or would I need some kind of third party app to lock those directories?