How to best set up folders for groups

I am setting up next cloud for a school with different teams. This question is about shared folders and how to best set them up.

Users are set up via ldap which is accessed by nextcloud so this is already working. I can set up users and groups.

Now all users work in different teams. Some in one, some in many. I am supposed to create a bunch of default folders for each team where they can store reports and so on. What is the best approach for this. Looking through documentation I can see file access apps, tags etc.

My first thought was to use the admin user and create a root folder school and share it with everybody with only read access.
Then create team folders inside that and share each of them with their respective ldap groups. team_a folder is shared with ldap team_1 group and so on. They get read/write access and can do whatever they like.

This way I can share official stuff with everyone via the school root folder with only read access (school administration can use that for general file sharing) and teams can use their own folders without being able to use other team’s folders.

Is this how it’s done? Is there maybe a better way? I’m thinking that this only needs to be done once and then I can regulate access via ldap. So basically I can each year add or remove users from teams without ever touching the nextcloud setup again?

Thank you for your help