
manojviduranga
Jul 11, 2022

Microsoft Purview Sensitivity labels: restricting users from selecting lower level of sensitivity

Howdy Folks!

 

Do we have an option to restrict users from selecting a label that is lower than previously used (in a reply/forward email scenario)? I'm aware of the "users must provide justification to remove/downgrade a classification" option, but is there a way we could completely restrict downgrading? Has anyone worked around this?

This is a crucial option on our approach of aligning to Australian government standards.

Any thoughts are greatly appreciated!
Thank you!

4 Replies

  • JakubUrban
    Copper Contributor

    If you do some tests with 2 different users, you will find out that to be able to change a classification, you need to have permissions to do it. It means that no one who does not have specific permissions to do it can lower or otherwise change the classification level.

    Since the person who labels the document initially becomes the owner of the file, this person can do anything with the document, even change the classification, because the OWNER role has all permissions.

    But once you are another person who has only rights up to the Co-Owner, you cannot change a label. It means that when you are NOT the OWNER of the document, you MUST HAVE Co-Owner permissions to be able to CHANGE the CLASSIFICATION.

    Any other role (Co-Author, Reviewer, Viewer) DOES NOT HAVE permissions to change a label, since they do not have the EDITRIGHTSDATA atomic permission.

    Check it here: https://learn.microsoft.com/en-us/azure/information-protection/configure-usage-rights

     

    pkaup, augrasp, rhycsm, manojviduranga

  • augrasp
    Copper Contributor

    Hello manojviduranga,

    I noticed the following things on my test tenant:

    • The document owner will always have the right to change the label.
    • You can have a custom set of rights applied to the document through the original document label that removes the "edit rights (EDITRIGHTSDATA)". But that will also prevent users from upgrading the label.

    I haven't found a real good solution to this problem. If anyone has, let us know :).

     

    P.

  • rhycsm
    Copper Contributor
    Hi Manoj - Have you got the solution for this? Just deployed Purview, it seems the option to restrict the users is yet to be added?

    Cheers,
    Rhey
