Hello,
Is there a way to get close to NTFS style permissions? I'd like the ability to set permissions on a folder so that users may create their own credentials and set permissions on that credential while having the parent folder locked down (no ability to edit permissions on the parent). This would be akin to being able to set permissions on "this entry" and specific permissions for "sub entries" like NTFS's "This folder, this folder and subfolders, subfolders only" style permissions. This would also help with users that have delete permissions so that they don't accidentally delete all the credentials below a folder. I'd essentially like to lay out permissions in this hierarchy:
Vault (Root) [Only sys admins or a specific group has the ability to create folders/entries]
-> Help Desk (Restrict the ability to delete or modify permissions on this folder, but allow sub-entries to be deleted and permissions to be modified by help desk)
---> Some credential entry (Help Desk to delegate permission of this object only to whomever they need to view the credential)
-> Infrastructure (Restrict the ability to delete or modify permissions on this folder, but allow sub-entries to be deleted and permissions to be modified by infrastructure team)
---> Some credential entry (Infrastructure team to delegate permission of this object only to whomever they need to view the credential)
I would like to give each respective department the ability to create their own credentials within their own folder, and view credentials from other groups within the same vault if their group/user were granted the view and view-password permissions.
As a workaround, I thought about having a vault administrator with the ability to change permissions and delete entries; however, this could potentially expose passwords within a department's vault if the vault's admin doesn't know how permissions work or accidentally sets a permission incorrectly. My only other solution to make this as easy as possible for department heads/admins would be to give them full rein over their vault and have all other users be given read-only access. We lose flexibility with this.
In the past, with Password Vault Manager, we were able to keep our credentials in a separate folder and create a shortcut in another folder so other groups within our department could view the credential.
Hello,
The security system in the Vaults/Connections area must stay compatible with RDM; in fact, the latter has full precedence. Also, there have been numerous requests over the years to come to the level of flexibility of NTFS, but we have yet to attain that objective. We are trying to improve it while keeping compatibility, which is paramount. We are always keeping that goal in mind every time we have to work in that area; hopefully we will get closer as we go along.
Sorry for not providing a clearer response, but we put a lot of emphasis on backwards compatibility.
Best regards,
Maurice