I have a project that is requiring very complicated access right assignments. Multiple locations and multiple payroll types. To try and summarize what I'm doing, I have a location folder called Division 20. In that folder is 3 different folder that corresponds to payroll types. One is Hourly, one is Office, and one is Salaried. I have a AD group per location that would include the 3 people that are assigned coordinators for the payroll types. Then the folder for each payroll type gets an AD group for the payroll type. So there are multiple people in the Hourly group. I found that assigning both the location group and payroll group to the location folder ensures that the person with both groups can see that folder and then drill down into the correct payroll type folder. The problem is that since the Hourly group has multiple people from other divisions/locations, they can search and find documents outside of their location. So it tells me that the access right area or relationship. If you are in either group, you can access the files. What I was hoping for was a AND relationship where you must have both groups to access the files. 

I can accomplish the correct access when they are only allowed to browse but I really wanted them to be able to search too. Has anyone come across this before and have a solution? Is there a way to make the access right more specific and make LF require all groups listed and not just one? 

Thank you.