Barry I both appreciate your help and agree with your point.  While I've already voiced this suggestion to the customers, in my initial explanation I advised that they want a single RM folder structure for all of these processes.  Additionally, Workflow cannot create Record Series dynamically and each of these processes has 15+ Record Series that their various documents apply to.  Therefore I am now asking this particular records manager to create 15+ record series folders for each process when many of them actually cross.  Then when retention values change for these that same records manager has to go update the retention folders in multiple places instead of a single location. While at this scope these extra Record Series may seem small, in a large organization with 15 repositories, over 50 departments utilizing Laserfiche and 10,000,000+ documents in the system, these extra Record Series multiply quickly.  They are wanting to minimize the number of Record Series across their environment to minimize both the number of places to maintain and the number of places where problems could arise.

But let's take the example a step further. Let's say Process 1 is invoices and beyond the initial request, they also want to restrict access to invoices based on department.  I now have all of the invoices stored in a single Record Series but need to control access to each document based on the department that submitted the invoice.  (I am currently receiving similar requests when it comes to departments viewing HR records.)  With this option I would have to build separate Record Series for every department so that they are properly stored independently.  This is neither easy to maintain nor can it be built dynamically since Workflow for some reason is not allowed to create Records Series.

I have more and more customers asking for dynamic environments that utilize TRM but are still secure. This is able to be built but it takes considerable work from a workflow standpoint and if any changes in security are needed (maybe a new level of permission) then everything has to go back through workflow to be assigned it's new security. Additionally, TRM is provided as a method to allow the users to have their folders configured how they want and the records managers RM configured the way they want.  Once I start telling either side they can't have it that way because Laserfiche doesn't support it then TRM as a process falls apart.  

The issue is that we are asking them to secure the shortcut(s) on one side and then secure the original document on the other.  The users see the RM folder structure as a vault to protect the documents but it takes considerable custom work to create this vault and grant users the correct access in via a shortcut and through searching.  If Laserfiche would allow security to be driven by the shortcut or Records Series to be built by Workflow then those would both be dynamic ways around this.   As these do not appear to be on the horizon I am hoping someone has found a way to handle this in an easier to maintain/build method than what I've been doing so the customer can have a secure, dynamic, and easy to build/maintain environment in the folder structure that is the most efficient for all parties.  If there is no better method then I am hoping to have open dialog regarding what we'd like to see coming for TRM as the requests are getting more complex and hopefully the tools to handle these requests will adapt.

It's a complex configuration issue and you're in an unenviable position if end users simply disregard the inherent constraints every system imposes by it's design. I don't see a simple way around the problem, but my view is that in the long term document security and ease of maintenance for all users should trump twisting the system into a knot for the convenience of one or two record managers. In the example of your departmental invoices, having to create separate series isn't any different than what you would do using normal folders in the absence of TRM.  The alternative there would be to try using folder filter expressions, but in a system as large as yours I'd test to see what the performance hit is on searching.

Given the current abilities of the system, could you design the system logically (i.e. with suitable Record Series having security that follows basic Laserfiche design principles) and then mitigate the pain of managing many Records Series with workflow in some way?