Please, you really have to make dropefile access right correct.
I mean, user's that's dont have folder's access should'nt be abble to view (and access) other folders. Right now, CAT1 access right users can delete, and add files on CAT2 folder throught bakoffice.
Another thing, users with low level admin should not be abble to modify folder option (like users access, template, anyelse...)
Tha'ts a big problem right now.
Thx in advance