Just as an example so that everyone can see what we are talking about. A folder is shared and is called operations, a drive is mapped called O. The structure looks like this
In active directory we have a folder permission OU, and in that folder permission OU we have groups. The groups are defined, Operations_daily_activities, Operations_public, Operations_hello, Operations_thisisafolder, Operations_thisisasecurefolder.
By default all users in operations have access to public, but the rest of the folders are only able to be seen and accessed if you are in the proper group...and even still we have readonly groups and readwrite groups for those folders so we go even more granular than my example given. So say someone wants to have daily activities, when the browse the O drive they will see the following:
All other folders will seem to not exist for that specific user, while the manager will have access to everything. We even have folders within folders that are locked out so they can't see anything in the above folders because they do not have access to the above folders, they just see the structure of O:\thisisafolder\thisisasecurefolder\ then they see all of the files and folders under this directory. This is all done with active directory permissions, there is no special software needed other than a 2008 windows server.
IT needs to have controls to be able to properly assign folders easily. They define the controls needed in active directory, we (on this board) cannot do this for them. I have given you an example of such controls to use to help make ITs life easy.