We have a ressource-Account with secret data.

Selected users (especially the user called Ben) are able to access data
from this account via shared folders in their mailboxes.

If Ben configures a Proxy User (lets say Ann has a read right to mails
in Bens mailbox), then Ann can also read the Mails in this "secure
shared folder" in Bens Mailbox.

So Ann has access to the secret data......

Is the administrator of the ressource-account able to prevent this way
of "resharing" the secret data?

Or is the configuration of Proxy-Users (and no shared folders) simply
the more secure way?