hi, I have a similar security question to the one you helped with this morning. I have a folder 'Clients', that only managers can access. Under it I have folders for 'Client1', 'Client2' and so on. The problem I have is when Client1 authenticates they get access to their folder, but if they change the URL they can access Client2's folder as well. I don't want that. I have my acl_users in the 'Clients' folder because I don't want to create an acl_users for each client since they only have 1 user each. But if I have to do this I will. Is there a better way? Thanks, jason.
-- Jason C. Leach
> I have a folder 'Clients', that only managers can access. Under it I have folders for 'Client1', 'Client2' and so on. The problem I have is when Client1 authenticates they get access to their folder, but if they change the URL they can access Client2's folder as well. I don't want that.
> I have my acl_users in the 'Clients' folder because I don't want to create an acl_users for each client since they only have 1 user each. But if I have to do this I will.
This seems to be exactly the scenario in the original "Folder visibility" post. If you give a user a role in a folder, it will have that role in all the contents of that folder. This works for both the acl_users definition and local roles. If you have all users in one user folder, and they all have the same roles, they will all be able to see the same thing.

Here's how:

o Figure out what role(s) your users will usually be. Probably 'Anonymous' or 'Authenticated User'. Maybe something else.
o Disable the ability of your users to see anything in the area you want to restrict. This might be the root, or it might be a 'Clients' folder. (Be sure to turn off permissions acquisition.) Do this by turning off the necessary permissions in the restricted folder for the roles your users have by default.
o Create the users in that folder or one of its ancestors.
o Create a role at the level that you're restricting (maybe the root, maybe a 'Clients' folder) and give it permissions to see the things that you've restricted. We'll call it 'FolderViewer'.
o Then in each subfolder of the restricted folder (say 'Client1') go to the security tab, go into 'Local roles' and assign whomever gets access to this folder the 'FolderViewer' role. No more, no less.

The people you've granted the 'FolderViewer' role to locally in the subfolders will be able to see those folders and their children, no more.

--jcc (again)
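The recipe in the reply, as an added example that is not part of the thread and not Zope's own API: a small model of how roles and the 'View' permission are acquired down a folder tree, built once with the misconfiguration from the question and once with the reply's steps applied. The folder names, user ids and roles are constructed to match the thread.

```python
# Added example (not Zope code): a small model of how Zope acquires roles and
# the 'View' permission down a folder tree, to show why the reply's recipe works.
# Users, folder names and roles are constructed to match the thread.
USERS = {"client1": {"Authenticated"}, "client2": {"Authenticated"},
         "boss": {"Manager"}}          # userid -> global roles from acl_users

class Folder:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, {}
        self.view_roles = None   # roles granted 'View' here; None = nothing set locally
        self.acquire = True      # the "Acquire permission settings?" checkbox
        self.local_roles = {}    # userid -> roles granted via the Local Roles tab
        if parent:
            parent.children[name] = self

def roles_for(user, folder):
    """Global roles plus local roles from this folder and all of its ancestors."""
    roles = set(USERS[user])
    while folder is not None:
        roles |= folder.local_roles.get(user, set())
        folder = folder.parent
    return roles

def view_roles_for(folder):
    """Roles allowed to 'View' here, walking upward until acquisition is off."""
    allowed = set()
    while folder is not None:
        allowed |= folder.view_roles or set()
        if not folder.acquire:
            break
        folder = folder.parent
    return allowed

def can_view(user, folder):
    return bool(roles_for(user, folder) & view_roles_for(folder))

def build(fixed):
    """Tree root/Clients/{Client1,Client2}; fixed=True applies the reply's steps."""
    root = Folder("root")
    root.view_roles = {"Anonymous", "Authenticated", "Manager"}  # permissive root
    clients = Folder("Clients", root)
    c1, c2 = Folder("Client1", clients), Folder("Client2", clients)
    if fixed:
        clients.acquire = False                            # stop inheriting root's View
        clients.view_roles = {"Manager", "FolderViewer"}   # new role, granted View here
        c1.local_roles["client1"] = {"FolderViewer"}       # local role, no more no less
        c2.local_roles["client2"] = {"FolderViewer"}
    return root, clients, c1, c2
```

With `build(False)` client1 can view both Client1 and Client2 because 'View' is acquired from the root for the 'Authenticated' role; with `build(True)` each client sees only the folder where they hold the local 'FolderViewer' role, while a Manager still sees everything.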