In our organisation we have the following structure:
Researchers is an OU and researchers can work in more than one workpackage (WP). Each wp should have acces to its own mapped drives and not have access to data from the other WPs.
A solution could be to create an OU for each WP and set group policies per OU. However, a researcher can be member of multiple WPs. What is the best solution for this? Should I use only one OU=Researchers and just use groups for the WP and impose GPOs per group?