Based on your described use case, it sounds like this would currently require you to keep permissions unlocked to the project, and set group permissions individually at the parent project (and nested project) levels.
The following common scenarios are possible only when you keep the project hierarchy unlocked:
- You want to create projects for different types of access your team needs for content in child projects. This strategy is described in Configure Projects, Groups, and Permissions for Managed Self-Service, and it requires setting unique permissions on each child project.If you keep permissions unlocked, you can still set permissions at a parent project level that you want all child projects to take by default. And you can use groups to set capabilities explicitly, including denying the Set Permissions capability, so that users cannot set permissions on content they own.
So in theory, you could set the base permissions on the parent project to allow access to all users in the Finance group, and then on the nested projects, you could choose to grant permissions to only the "Senior Leadership" and "Dev" portions of the Finance group, respectively.
Hope this helps!