One thing I don't quite get:
Consider my on-prem file server where I have a structure of folders which I granted permissions to many users and groups. I add all IT Dept users in the AD group and then assigned the "Storage File Data SMB Share Reader" RBAC permissions to the AD group.
Inside one of those folders I created a new folder called "Private" which I block inheritance and only grant permissions to 3 x managers users (for example).
Will the users members of "Storage File Data SMB Share Reader" RBAC permissions still able to read inside "Private" folder?
Am I missing something obvious here?
Hope this makes sense...