Note that you can also use entry access scope to grant rights differently to the parent folder compared to its contents. So you can give the user the ability to see the existence of the root folder itself, but not grant them rights to see any of the children except for the one folder you want them to see (say by using a shortcut as Cathy describes above). 

You need to use security tags for this.

If you create a security tag and assign it to all users except this specific subset (make sure this includes admins and your service accounts like workflow!) you can then assign that security tag to every other folder in your main folder. Since presumably your security is already set correctly that this special group does not have permissions to sub folders/docs, you only need to assign the tags to the top level. Additionally, if your everyone group has read access for everything I'd remove it from the root folder (and anywhere else it is). you can then create a new group that includes all of your other users to grant permissions to everything. 

When users log in to the laserfiche, they will only see one folder. The trick to this method is to make sure that all other folders/subfolders are locked away with permissions too, otherwise the users can use a search to see those documents. In addition, you can hide unneeded templates by setting security on the templates to only the other groups. If other users have rights assigned by that former "everyone" group, just add your new everyone else group access to everything at the root level, and the new group you create for your special users only grant it to that subfolder. And try to avoid using Deny as much as possible. It's easy to cause confusion - it's simpler just to not grant rights. 

One note: when adding security tags to a user or group, they don't kick in until you log out and log in. So if you add a security tag to a user and a folder at the same time the folder will immediately hide itself from a user and won't be visible until they log back in! So when you do this you might consider adding the tags to everyone first, then let your users know to log out (or wait a day) before starting to add that tag to your root folders. 

2nd note: I know I mentioned this above, but don't forget to add your workflow, quick fields, forms, import agent and admins to your security tag too! I used to be the primary person at the VAR I work for and this was a very common call I would receive after changes like this! I usually create a service accounts group and add these users to it and always add all security groups to it. All of the services log in/out with each run so you don't need to reboot or anything for the tags to take effect. 

Thanks, Chris, Cathy and Justin. Let me study and try your suggestions and will let you know what worked for us. Have a great day!

Hi All.

The solution I chose was 2-step: give permission to the folder and then, create a shortcut to the folder. Works awesome. Our volunteers only see that folder after clicking on the shortcut. 

Thank you all for your suggestions. Appreciate the quick responses.