Firstly let me apologise for the novel that is about to be written.
My environment is Windows Server 2012 (DFL is 2008) and a lot larger than shown in the images below but it demonstrates the depth I wish to use.
I am somewhat confused over how to apply permissions with ABE. This is NOT in a DFS name space. I have a share called "Data" with ABE enabled. I have set up the folders as shown in the diagram below.
The logical flow should look like this:
I would like users to only see the folders that they have permissions for e.g. the North team should only see the North Folder but the Marketing Manager should be able to see all folders below their level. I can easily get the GM to see whichever folders they need to see (the GM, all Sales and all Geo folders and sub folders). The problem I am having is getting anyone further down the tree to see only the folders they have permissions to.
Is this possible or have I misunderstood how ABE works? Do I have to go to a flat file structure below Data (which I know will work but does not allow for inheriting?