Hi Patrick,
In your case it seems like you are using Pre-Define VIEW access level. according to that :
If View Access Level set on the folder level, a principal can view the folder, View objects within the folder, and
each object's generated instances.
(Ref: Securing Business Objects Content – Folder Level, Top Level and Application Security)
To achieve your kind of requirement you can use custom access levels.
Regards,
Veer