We recently had a lot more new local repositories added to our development DS system.

Our system is setup with a group for developer access to each repository. So for example, we have a "DS Rep01" type group which provides access to just Rep01. Users are added to the group(s) for whatever repositories they need to access. This is then set to "no access" on all other repositories. It seems I cannot have this model for permissions otherwise.

Unfortunately, all permissions were copied from somewhere that had a fairly generous permission structure (apparently?) so now for each new repository all the "DS RepXX" groups have access and are set to inherit from parent group/folder. I have been manually setting these to "no access" and removing the inheritance but this is incredibly tedious.

My questions:

1. Is there a way to update multiple groups simultaneously on a single repository? The "Assign Security" button is grayed out if you select multiple groups at once, which is the only way I have found to remove the access.
2. Does any group assigned to a single repository have to be assigned at the group level as well? I have tried to add one only to the local repository (but not the Repositories folder) and was not able to login through that. Only after adding it to the "Repositories" folder was I able to (which then gave it permission on all repositories, unless I blocked them specifically.
   1. 
   2. My thought was that if I could remove all non-admin groups at the Folder level, I could add them back in one at a time to each repository - this would be considerably faster. But it seems this will not work.
3. Is there any documentation about recommended models for security? Our process works fine, except it takes a ton of effort when you add new repositories. I have searched quite a bit, not really finding much, as well as read through most of the DS Admin guide on user permissions, but it's not clear what a good strategy is.

Hopefully what I am searching for is clear!

Best regards,

Alden