AGDLP
https://en.wikipedia.org/wiki/AGDLP
User and computer accounts are members of global groups that represent business roles, which are members of domain local groups that describe resource permissions or user rights assignments.
NTFSSecurity
Managing file and folder permissions in Windows PowerShell … is far from being comfortable. You can download the module from the Script Center Repository: File System Security PowerShell Module.
https://devblogs.microsoft.com/scripting/weekend-scripter-use-powershell-to-get-add-and-remove-ntfs-permissions/
«Managing permissions with PowerShell is only a bit easier than in VBS or the command line as there are no cmdlets for most day-to-day tasks like getting a permission report or adding permission to an item. PowerShell only offers Get-Acl and Set-Acl but everything in between getting and setting the ACL is missing. This module closes the gap.»
https://github.com/raandree/NTFSSecurity
Install-Module -Name NTFSSecurity -Scope CurrentUser -SkipPublisherCheck