Hi, you are correct in that a single S3 location (root of the bucket or prefix within the bucket) can only be mapped to one file share on a single S3 File Gateway. In order to provide different levels of permissions to different user groups, you can tackle this in one of two ways.
1. Assign SMB permissions via security groups, i.e. 'Domain Admins' have full control, 'Users' have read-only access. https://docs.aws.amazon.com/filegateway/latest/files3/smb-acl.html SMB permissions (ACLs) persist on the objects themselves, and you can manage this through Windows Explorer (as an admin). This would allow for a single S3 File Gateway to host a single File Share, with separate permissions based on who is accessing the share (in your case, IT group vs. general users).
2. Create a separate gateway, and control access via the Gateway File Share settings. This would allow you to create a file share on one gateway where IT group users have admin control, and a separate file share on a second gateway with read-only access for the rest of your users. https://docs.aws.amazon.com/filegateway/latest/files3/CreatingAnSMBFileShare.html
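The first option can also be scripted instead of set through Windows Explorer. The following is an added example, not part of the original answer: it assumes the share uses Windows ACLs for access control, that it is run by an account with admin rights on the share, and that the share path and group names (all constructed placeholders) are replaced with your own.

```powershell
# Constructed placeholders: substitute your gateway share path and AD groups.
$SharePath  = '\\gateway.example.internal\my-share'
$AdminGroup = 'EXAMPLE\Domain Admins'   # full control
$UserGroup  = 'EXAMPLE\Domain Users'    # read-only

# Apply each rule to this folder, its subfolders and its files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

$acl = Get-Acl -Path $SharePath

# Protect the ACL from inheritance and drop any inherited entries.
$acl.SetAccessRuleProtection($true, $false)

# Remove the existing explicit entries so only the two groups below remain.
foreach ($rule in @($acl.Access)) {
    [void]$acl.RemoveAccessRule($rule)
}

$adminRule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $AdminGroup, 'FullControl', $inherit, $prop, $allow)
$userRule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $UserGroup, 'ReadAndExecute', $inherit, $prop, $allow)

$acl.AddAccessRule($adminRule)
$acl.AddAccessRule($userRule)

Set-Acl -Path $SharePath -AclObject $acl

# Read the ACL back and confirm that only the two intended entries exist.
(Get-Acl -Path $SharePath).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Test with a member of each group afterwards: a write attempt from the read-only group should be denied.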