We currently operate a large single repository for company data with a list of Root folders in that library. Each folder has a logical business owner. When someone wants access to one of those folders. They request it via IT, IT Contact that owner and receive authorisation, then add the permission to the root folder (via AD Groups).
We are trying to move towards departmental sites however we want the document library to be controlled by the department manager, and rather than grant everyone access to all the files in that library, give everyone to ability to see the libraries root files, but then if they try and access it, they will be presented access request page. I know I can do this for sites or libraries, but can this behaviour be attributed to sub folders in any way?
One thing I’d like to make clear is that implementing item level permissions (folders or items) is not best practice. Even if you are managing the permissions via groups, from an audit perspective, you start to lose track of who has permission to what and where permissions were granted. By all means it is possible to give everyone “read” access to your document library. Then give item level permissions to a Folder (access request). You could still store documents in the root and then any documents under the folder, would have different permissions. You would not be able to show them the files, without granting them explicit permissions to it.
My question is – What is the purpose (use case) of giving them access to the root folder but when they try to access the files to make them ask for access?
