I have posted this as an issue in github but maybe someone here may be able to help or may have the same problem & this can stop a potentially very harmful situation for sensitive information.
We have group folders for each department in our organisation. Each group folder has the respective department user group added with write/share/delete rights in the Group Folder settings.
Then sub-folders under the group folders have differing advanced permissions starting with deny read for the whole group & then adding other permissions for those that need them.
The problem that we have found and it is a potentially very damaging one for sensitive information is, anyone that has any rights for the original group folder can view ANY file that has been deleted in ANY sub folder whether they have read rights or not in the deleted files.
Is there anyway to prevent this or am I using the advanced permissions incorrectly?