We have a lot of project folders in our CMS repository.
In the past these are created with -> "Grant read access to" -> Members of all user groups.
Afterwards it is not possible to change this security option for specific groups.
This has the consequence that all projects can be viewed by every user across the BUs.
Another security issue is that users with an Authoring role can delete/modify objects once they have read access to such project folders.
1. Modify the security management in such a way it is possible to modify the security settings afterwards without rebuilding the entire repository.
2. A user must have write permissions on a folder where he is allowed to do so. So not only with read rights in combination with an authoring role.