Forum Discussion

Pn1995's avatar
Pn1995
Brass Contributor
Sep 06, 2019

Can Metadata/labelling or classification help me?

HI   We have currently have 1 document library and within these we have various folders and files.   We want to be able to classify our files due to there sensitivity - high, medium, low.   By ...
Document Library
Metadata
Permissions
security
SharePoint Online
Rachel_Davis's avatar
Rachel_Davis
Iron Contributor
Sep 09, 2019

Pn1995 

 

Yes this can be done with labelling - see previous responses. It sounds like you're trying to create access control within a library using classification instead of permissions. While it sounds good at first, the devil is in the details and I would use EXTREME caution before implementing it across your tenant. Unlike permissions, I don't believe access rights by classification can be over-ridden without changing the classification of the document or granting access to ALL highly classified content.

 

So for example, the assistant to the CEO may need access to some highly confidential content, but not all. Or maybe there is a highly classified project and someone needs access to the content for that one project.

 

How would the owner of the highly classified content make exceptions for these people without changing the classification of the document or granting them access to ALL highly confidential content?

 

I fear what you would end up with is a lot of content being under- or over-classified as a shortcut to control access.

 

I would recommend you ask what problem you are trying to solve. If you want to control access rights, then I would do that using permissions on sites & libraries. Use classification to prevent content from being printed, downloaded or leaving the company without approval.

Pn1995's avatar
Pn1995
Brass Contributor
Sep 09, 2019

Thanks Rachel_Davis 

 

The idea would be this would only be assigned to a single document library and all other areas would be controlled by permissions etc...

 

The issue if they have a host of documents in a library in various folders and which the library is protected by permission. In every folder if they have say 100 files, 5 or 6 of these will be deamed "confidential" so instead of moving these to a differnet area or changing permissions the thought is to classify them so most people can't access them

 

 

  • Vikram_Samal's avatar
    Vikram_Samal
    MCT
    Sep 09, 2019

    Pn1995 Before I say anything further I must reiterate Controlling access is best done by permission management so if you can do this that will help to manage easily.Please let me know if this method works. 

     

    1. Create a choice column named as "Confidentiality" and have the options such as "Public","Private". Default value being "Public"
    2. Create a group named as "private Document Group" and add the user who need access to the private contents.
    3. You can then set a workflow that if anytime the  Confidentiality value = "Private" run the permission management workflow to set unique permission and give access to only the Private Group created in step 2 .
    4. The other condition will be  Confidentiality value = "Public" do nothing as they can be accessed by the users of the library.
    5. But only catch is that the people who have edit rights they should not make any of such changes such as making a "Private" doc to "Public". In that case you need to have little more steps to handle that.

    Please let me know if this helps.

Resources