Group Folders not sharing properly

I have been trying to set up either a shared or group folder for the following purpose:
Main folder for me and my employees to access all our clients
subfolder for each individual client to access their files
Structure would look something like this:
Company folder/Client folder/photos/

I need to be able to share the main company folder with my employees, and each subfolder to each respective client (with their own Nextcloud login).

I first tried using the folder sharing option but ran into the issue that the subfolders and files would not show in the client's directory; they could see their client folder but nothing inside of it. I even tried manually sharing each subfolder to the client but that didn't change anything.

So I tried setting up a group folder (which seems like a better route).
I was able to create a group folder and my client is able to see the entire subfolder and files inside of the client folder. However, this group folder was in my main directory, not in my company folder.
I did some research and found a suggestion: when naming the group folder, add the path from the main company folder I want it to be created in, i.e. CompanyFolder/Client folder. I then share the group folder to the desired client via a user group.

Now when my client logs in they do not see the group folder (I am guessing because the main company folder is not shared to them). However, the group folder “client folder” shows in the recent section; when they click the client folder from the recents section, nothing happens and it does not open. You can see it from the recents but not in the client's home directory.

I figured the solution would be to share the Company folder to the client so they can then access the client folder through the company folder. (I thought the rest of the subfolders would not appear in the company folder for the client, except for the Group folder shared to them, as that is what happened before. They could see the main folder but not the subfolders.) However, when I shared the company folder the client was able to see his client folder and every other client folder, which is not what I want.

How can I achieve this setup? Am I doing something wrong? I must be, considering I can't replicate the same issue every time.

How have you set up something similar?

Yes, that is right. The client folder is invisible to the clients, because its mount point is inside of the company folder, which is invisible to them.
When you want to create nested group folders, the tribe (the group folder that appears in the main directory) must be at least readable by everybody.
Therefore you could mount the company folder inside of the client folder:

ClientFolder - (Client-Groupfolder, this can have any name, to "look like" Company Folder, readable for all)
           \-CompanyFolder(restricted Company-GroupFolder, invisible for Clients)
            |-Client1 (Normal directory, readable for all, writable for CompanyGroup members)
            |-Client2 (Normal directory, as Client1 + writeable for certain clients)
            |-Client3 (Groupfolder, only visible for "special Clients")
            |-Client4 etc.

You can make more nested configurations, to make certain folders invisible for some clients.
So you could make some “Client-Folders” their own group folder and make it visible only to a special group or single users etc.

I have a setup similar to this that works. Don’t share the main folder. Assign it to a user group. Then share sub folders with individual clients as needed.

The root of the shared folder will be the top level folder from their perspective.

By adding all clients to this “ClientFolder” (groupfolder) they would see all subdirectories (Client1, Client2, ClientN), right? If I understood correctly, @NoxMush wants to prevent this!?

Alternatively, it would be possible to create this main “Company folder” as groupfolder for the company team. Then create nested groupfolders for the individual clients. But instead of adding the clients to the main “Company folder”, just create a regular folder with the name “Company folder” for them (e.g. via cli or directly with help of the skeleton). Thus the clients could see their own nested groupfolders and nothing more.

As you can see, I showed a variation (Client3) where that one is a groupfolder on its own with all ACL possibilities.

That’s right, but customers could (accidentally) rename or delete that folder, which would make all the group folder structure nested within invisible (until the correct name is restored).

Furthermore, that folder would not be marked with the group folder icon: image

While I could solve this with group folders, I wouldn’t do it that way. I would solve this with → guest accounts (Guests app) ← .
Therefore you have to create a personal folder for each customer and invite him as a guest from within the sharing dialog. That client folder can reside in a group folder “Customers; Clients” with full access for employees, so that they can invite the customers.
In addition, you can add guests to groups and give those groups additional access to folders with less personal, more generic content etc.
Every time the customer logs into his account, he only can see the folder(s) shared with him and NOTHING else!

Maybe this puts you on the right track.

Much luck

A lot of really good suggestions and insight. Thank you all for your input. I will be testing some of these solutions and find what works best for me.
What an awesome, responsive community,
Thank you all!
I will post my results/solution when I can confirm.


And here is one more:

Create 3 groups:

  • Groupfolderadmins
  • Employees
  • Customers

Go to https://YOURCLOUD.TLD/settings/admin/groupfolders and create one groupfolder e.g. “Name-of-Company”:

  • /Name-of-Company

Assign this group folder to the following groups:

Group              Write  Share  Delete
Groupfolderadmins  [X]    [X]    [X]
Employees          [X]    [X]    [X]
Customers          [ ]    [ ]    [ ]

And “Advanced permissions” you assign to the “Groupfolderadmins”:

image

Create a folder only for you and your employees inside of this Groupfolder:

  • /Name-of-Company/Employees

and a folder for your Customers:

  • /Name-of-Company/Clients

Members of the Groupfolderadmins group will now find an area like this in the Sharing tab of each file and folder inside of the created Group folder (in this example the sharing tab of a folder named Group folder):

image

When you click on the image tab and add a user or group, you will see the inherited permissions:

image

And you are now able to change those permissions.

Now you can deny “Read, Write, Create, Delete and Share permissions” to the Customers group for the Employees-folder. Members from the Customers Group now will not even SEE that folder.

In the Clients-folder, you can create a folder for each individual customer, and the trick when assigning rights is the order: First, you have to explicitly permit the individual customer (the mere inherited rights are not sufficient for the next step). In the next step ALL rights are withdrawn from the “Customers” group. As a result, only the assigned customer can see his own folder and all other customers cannot see that folder. Employees will be able to see those folders.

Feel encouraged to experiment with this incredibly flexible ACL solution, the possibilities are endless.


In my previous suggestion (Post #6) I favored guest accounts.
This solution here can be perfectly combined with that proposal.
The customers can be invited as guests and then added to the Customers group. This means that they can only use the company offer, but not upload their holiday photos and use the other cloud services privately.
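The rule order described in the post above can be checked on paper before touching the live folder. The following is an added example, not part of the original posts and not the Group folders app's code: a simplified model of read access that assumes an unset permission inherits from the parent folder and that an allow beats a deny when several rules match the same user. The user names, group membership and rule table are constructed sample data.

```python
ALL = ("read", "write", "create", "delete", "share")
ALLOW_ALL = dict.fromkeys(ALL, True)
DENY_ALL = dict.fromkeys(ALL, False)

# Constructed sample data mirroring the layout in the post above.
GROUPS = {
    "alice": {"Employees"},
    "cust1": {"Customers"},
    "cust2": {"Customers"},
}
FOLDERS = ["Employees", "Clients", "Clients/cust1", "Clients/cust2"]

# Advanced-permission rules: path -> [(principal, {permission: allow?})]
RULES = {
    "Employees": [("group:Customers", DENY_ALL)],
    "Clients/cust1": [("user:cust1", ALLOW_ALL), ("group:Customers", DENY_ALL)],
    "Clients/cust2": [("user:cust2", ALLOW_ALL), ("group:Customers", DENY_ALL)],
}


def can_read(user, path, rules=RULES, groups=GROUPS):
    """Walk from the group folder root down to `path`.

    Assumed semantics (simplified): a level without a matching rule inherits
    from its parent; if several rules match the user at one level, any
    allow wins over a deny.
    """
    principals = {f"user:{user}"} | {f"group:{g}" for g in groups[user]}
    allowed = True  # base folder permission: every assigned group can read
    parts = path.split("/")
    for depth in range(1, len(parts) + 1):
        prefix = "/".join(parts[:depth])
        votes = [perms["read"] for who, perms in rules.get(prefix, [])
                 if who in principals and "read" in perms]
        if votes:
            allowed = any(votes)
    return allowed


def audit(rules=RULES):
    """Return {user: folders they can read} to check client isolation."""
    return {u: sorted(f for f in FOLDERS if can_read(u, f, rules))
            for u in GROUPS}


if __name__ == "__main__":
    for user, seen in audit().items():
        print(f"{user:6} -> {seen}")
```

Removing the `user:cust1` rule from `Clients/cust1` makes that folder unreadable for cust1 as well, which is why the explicit per-customer permit has to exist before the group's rights are withdrawn.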

Hello all! Thank you all for your insight. The clearest way I have found that works for my implementation is as follows:
Create a Main Group Folder
Then create sub group folders within the main group folder
Then create respective user account and grant permission to the sub group folder
Like this:
/Main Group Folder
/Main Group Folder/SubFold1
/Main Group Folder/SubFold2
Then add accounts and permission for each user, i.e.
user1 can access both Main Group Folder and SubFold1
user2 can access both Main Group Folder and SubFold2 but they cannot see SubFold1
and so on and so forth.

So every user has permission to read and write to “Main Group Folder” but they only have permissions to read and write their respective subfolder.

Thank you all for your bright ideas and suggestions. I wouldn't have figured this one out on my own.
I am proud to be a part of such a respectful community!
