I am trying to find a solution to restrict a user to only access files in multiple locations in the vault that are referenced by the same assembly, without allowing access to an entire folder.
To help understand our folder structure and what we are trying to achieve please refer to the attached picture.
We have separate folders for each of our projects which contain files that were created for that project, however the assembly for each project also references files from other locations in the vault. Using my example (see attached), Project A references files from 4 different folders; Project A folder, Project B folder, Project C/D/E folder and Library parts folder.
Currently we do not restrict view access at all as it is not necessary however we want to introduce a user specific to each project who only has access to the files that are used in their project. For example we want User A to view all files referenced by Project A, even if those files are spread across folders for Project A, Project B, Project C, Library parts etc. Allowing access to each folder that contains a referenced file is not ok as User A should not be able to see all files in Project B folder, only those that are referenced by Project A.
A solution that I can think of right now is to use shared files and create a new and separate folder that User A has permission to, which contains a shared file for each file that is referenced by Project A. This way the user will have access to view the file through the shared instance without actually having access to the folder that the original file is contained in. The only problem is it takes a lot of manual work to find and create the shared files.
I am also aware of the problems that can arise with using shared files however the shared instance is only to be used for viewing/read-only access so I don't see it being a problem.
Any other suggestions will be greatly appreciated.