It is helpful if users organize folders in a way that allows them to manage permissions by folder, rather than by file. For example, create a folder that contains all files used in a group project. This way the entire folder may be shared with the group members, rather than trying to manage permissions on separate items stored in different folders.
Only read permission should be added to a top-level folder, for example the username folder. Any time a permission is added or changed on the top-level folder, check any subfolders or files designated as private and verify that additional permissions have not inadvertently been added that would expose protected information.
When adding folders and files to the Content Collection, keep in mind which users and user lists the content will be shared with. Try to create folders in which all items are to be shared with the same users. When items shared with the same users are spread out among different folders, it may become very difficult to manage. For example, if the user plans on creating documents that will be applicable to all users at the Institution, they should create a folder that will be shared with all system users, then add the specific items to this folder.
Files are automatically available to the user that added the file but must be shared if other users are to view the item.
Files inherit permissions from the folder they reside in. This means that if a file is added to a folder that already has read and write permission for certain users or user lists, the those same users will also have read and write permission on the newly added file.
Overwrite Option on Folders
When editing or adding permissions to a parent folder, users have the option to force all files and subfolders to inherit these permissions. For example, if the read and write permissions are added to the folder, and an item within the folder has read, write, and remove permissions, remove permissions are removed from the file. All subfolders and files within the parent folder would be granted read and write permissions.
If this option is not selected, the files and subfolders are automatically granted any additional permission given to the parent folder, but existing permissions are not removed. For example, if read, write and manage permissions are added to the folder, and an item within the folder has read, write, and remove permissions, the permissions for the file would remain read, write and remove, and manage would be added.
After editing permissions on a folder, the user may edit the permissions on an item, but these will be overwritten the next time permissions on the parent folder are changed. This is one reason storing items with the same purpose and audience in a single folder makes managing permissions much easier.