Advice - getting more granular with security and offering customization for different user groups


Hello RDM gurus,

I am in need of some advice. The software is very powerful and customizable and I'm wondering if there's a solution in place already before I undertake an effort that will consume a large portion of my time.

Currently, we have multiple domains and a synchronizer in each domain that pulls connections and sends them to a specific folder. Each user group has rights to different folders. For some of our user groups, this is fine. For one, however, we'd like to have security set more rigidly. Let's say each domain has X, Y, and Z machines. It's fine for most user groups to see X, Y, and Z machines. But we have one user group who we would like to see Y machines, but not X and Z. The solution I have in mind is to create a separate synchronizer that uses LDAP to pull only Y machines from a domain, and put them in a separate folder that only the particular user group needs.

However, if we go this route, I might have to create lots of synchronizers and an entirely different folder structure for each user group, which is a fair amount of work. We work in an environment where we are constantly adding new machines, and we seek a solution that is completely automated. I could use security on the connections, but I do not know of a way to apply specific security based on computer names as machines get synchronized. Any advice as to what an RDM master would do would be much appreciated.

Follow-up question: We have a user group who has rather specific needs for their view. The general view we have in place is much too grandiose for them, so they would do well with their own folder. However, we do not want to give them rights in Devolutions to add connections. I've learned recently that we can create shortcuts to existing connections. Is there a way to give a user rights to create folders and shortcuts, but not create connections, credentials, or anything else?

All Comments (1)


Hello,

Thank you for contacting us on that matter!

You are correct, creating a separate Synchronizer would also be what I would recommend. You could create a Template that has the permissions you wish to set on these machines and use it in this new synchronizer entry. To create this template, please refer to this link: https://help.remotedesktopmanager.com/commands_creatingtemplates.html

Once created, this template can then be used under the following section of your synchronizer entry:
forum image

As for your follow-up question, unfortunately, it is not possible to have certain users just be able to create a specific type of entry. What we currently have in place, the "Type Availability" feature, would allow you to disable certain entry types but this would affect everyone who connects to your database.

What you could do is create a vault just for this user group and limit their access to this vault.

Best regards,

James Lafleur