Folder based security

We have a Royal Server setup where we have a Document with around 300 folders, each for a separate customer, and what we would like to control is access on a folder level based by an Active Directory group and of course handle the creation of the folders and setup of the folder based security through script/API.

If we have a group for each customer like AC_Cust_CUSTOMERNAME with the members that is allowed to connect to the corresponding customers servers, the ideal solution would be that we could limit the access to the objects in the customers folder to the relevant employees that are members of the group.

This could support a zero trust strategy instead of the current assumed trust where everyone have access to everything within a document.

The only way to achieve something like this in Royal Server today would be to create separate documents for each customer which is unmanageable given the number of Royal Documents this would result in.

As of now there are no built-in features for folder-level access control within Royal Server.

Future versions of Royal Server will include more advanced features around user management and access control. However, at the time of writing this, we cannot give a specific timeline for when such features will be available.

As a workaround it might be feasible to script document creation per Active Directory group.

Alternatively, dynamic folders can help in your scenario. If you can use a script to process data based on the user credential, you may be able to use a dynamic folder script to only show connections and objects based on the user executing the script.