Folder structure and and permissions on sub-level

Folder structure:

 

/Employees

   /Id

      /Agreements

      /Images

 

Let's say there are 50.000 employees (and therefore Ids) and we want user group "Admins" to be able to edit all employee data, but group "ImageViewers" is only allowed to view the /Images folder of all employees.

 

Our first approach is to add one collaboration on the /Employees folder (Admins -> Editor) and one collaboration on each of the 50.000 /Images folder (ImageViewers -> View with "view_as_path"). I think - but I am not certain of this - that this will hit box limits (too many collaborations, even worse with "view_as_path").

 

The next approach is to restructure the folder:

 

/Employees

   /Agreements

      /Id

   /Images

     /Id

 

Now we can permit Admins as before and and ImageViewers as Viewers for the one /Employees/Images folder. But the user will not be able to pick one employee folder and see all content for one user. Also, the number of /Id directories has doubled.

 

Maybe it is possible to still provide a merged view on all folders (or a folder with links to /Agreements and /Images) or maybe there is a much better approach to this?