What is a best practice when setting security access on folders?

Grouping users for folder access is the best practice because it makes security management scalable and reliable. When you grant permissions to a Group, everyone in that Group inherits the same rights, and changes in roles or staffing are handled by updating Group membership rather than editing permissions for each individual. This supports consistent access across folders and simplifies auditing and onboarding or offboarding. In DocuSign CLM, using Groups also aligns with role-based access patterns, so you can assign a single set of permissions to a team and rely on membership to control who actually sees or edits each folder. Choosing to avoid Groups means you’d have to assign access to each user one by one, which quickly becomes unmanageable as the user base grows or changes. Granting individual users access to every folder is even more cumbersome and error-prone, increasing the chance of inconsistent permissions or missed access. Trying to mix broad access with folder-by-folder restrictions (giving all CLM Users access everywhere but limiting a particular folder by hand) creates many exceptions, making maintenance and audits brittle. So, using Groups centrally to control folder permissions keeps access consistent, scalable, and easier to maintain.