Abstract: A method for controlling access to protected objects in a distributed environment, including providing a user key KU corresponding to a public key KUP of a user; receiving a server key KS from a remote server; and generating a combination key KC by decrypting a metadata field Datai using the key KU. The public key KUP is used to generate the metadata field Datai, and the metadata field Datai is stored as part of a protected object's metadata. The object key KOBJ is calculated from the combination key KC and the server key KS either by XORing the combination key KC and the server key KS, or by decrypting the combination key KC using the server key KS. The object key KOBJ is used to encrypt and decrypt the protected object. A user who has access to a structured protected object has access to any unprotected file or unprotected structured object inside that structured protected object, but does not have access to any structured protected object nested within it without an additional key.
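The abstract describes a two-factor key derivation: the user's private key KU unwraps the combination key KC from the object's metadata field Datai, and the server key KS is then combined with KC (by XOR or by decryption) to recover the object key KOBJ. The following is an added worked model of that flow; it is example code written for this page, not the patent's or InfoWatch's implementation. The names KU, KUP, KS, KC, KOBJ and Datai follow the abstract; the toy textbook RSA pair built from two fixed Mersenne primes, the hash-based stream cipher standing in for the object cipher, the 16-byte key length and the owner/server/user role split are all assumptions made for illustration.

```python
"""Toy model of the KU / KS / KC / KOBJ scheme. Added example, not the patent's code."""
import hashlib
import secrets

KEY_LEN = 16  # bytes; constructed choice for this example

# --- toy textbook RSA for the user key pair (KU, KUP) -----------------------
# Fixed Mersenne primes keep the example deterministic and offline.  A real
# system would use a vetted library with padding (e.g. RSA-OAEP); this is a
# model of the data flow only, not a secure public-key scheme.
_P = 2**127 - 1
_Q = 2**89 - 1
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))  # requires Python 3.8+

KUP = (_N, _E)  # public key: used by whoever writes Datai into the metadata
KU = (_N, _D)   # private key: held only by the user


def pk_encrypt(pub, data: bytes) -> bytes:
    """Wrap a short key under the public key (textbook RSA, toy only)."""
    n, e = pub
    m = int.from_bytes(data, "big")
    assert m < n, "wrapped key must be smaller than the modulus"
    return pow(m, e, n).to_bytes((n.bit_length() + 7) // 8, "big")


def pk_decrypt(priv, data: bytes) -> bytes:
    """Unwrap a KEY_LEN-byte key with the private key KU."""
    n, d = priv
    m = pow(int.from_bytes(data, "big"), d, n)
    return m.to_bytes(KEY_LEN, "big")


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Hash-based keystream XOR; encrypt and decrypt are the same operation.
    Stands in for the object cipher.  A production system would use an
    authenticated cipher such as AES-GCM instead."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        keystream = hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, keystream))
    return bytes(out)


def combine(KC: bytes, KS: bytes, mode: str) -> bytes:
    """KOBJ from KC and KS: either XOR or 'decrypt KC using KS'."""
    if mode == "xor":
        return bytes(a ^ b for a, b in zip(KC, KS))
    if mode == "decrypt":
        return stream_xor(KS, KC)
    raise ValueError(f"unknown mode {mode!r}")


def protect_object(plaintext: bytes, user_pub, KS: bytes, mode: str = "xor") -> dict:
    """Owner side: choose KOBJ, derive the KC that combines with KS back into
    KOBJ, wrap KC under the user's public key into Datai, encrypt the object."""
    KOBJ = secrets.token_bytes(KEY_LEN)
    # Both combine modes are involutions here, so the owner can run them in
    # reverse: KC = KOBJ xor KS, or KC = E_KS(KOBJ) so that D_KS(KC) == KOBJ.
    KC = combine(KOBJ, KS, mode)
    return {
        "ciphertext": stream_xor(KOBJ, plaintext),
        "Datai": pk_encrypt(user_pub, KC),  # stored in the object's metadata
        "mode": mode,
    }


def derive_object_key(user_priv, Datai: bytes, KS: bytes, mode: str) -> bytes:
    """User side: KC = Dec_KU(Datai); KOBJ = combine(KC, KS).  Needs BOTH the
    user's private key and the server-supplied KS."""
    KC = pk_decrypt(user_priv, Datai)
    return combine(KC, KS, mode)


def open_object(obj: dict, user_priv, KS: bytes) -> bytes:
    KOBJ = derive_object_key(user_priv, obj["Datai"], KS, obj["mode"])
    return stream_xor(KOBJ, obj["ciphertext"])


if __name__ == "__main__":
    KS = secrets.token_bytes(KEY_LEN)  # would come from the remote server
    for mode in ("xor", "decrypt"):
        obj = protect_object(b"confidential report", KUP, KS, mode)
        print(mode, open_object(obj, KU, KS))
        # A user holding KU but no valid KS only recovers garbage:
        print(mode, "wrong KS ->", open_object(obj, KU, bytes(KEY_LEN)) != b"confidential report")
```

The point the model makes visible is that neither factor alone yields KOBJ: Datai on its own is useless without KU, and KC on its own is useless without the server's KS, so revoking a user at the server (refusing to hand out KS) cuts off access even though the user still holds KU and the encrypted object.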
Type: Grant
Filed: July 8, 2008
Date of Patent: May 27, 2014
Assignee: InfoWatch
Inventors: Oleg A. Kalyadin, Alexander G. Ivanov, Andrey A. Kuzekin, Dmitry A. Shustikov