09-06-2019 11:47 AM
09-06-2019 11:47 AM
We have currently have 1 document library and within these we have various folders and files.
We want to be able to classify our files due to there sensitivity - high, medium, low.
By default we want anything marked low set so everyone can see it, while everything high only certain people can see and other policies would be in place so that high rated files cant be emailed out.
So the idea is the once everything is classified if you go into one of the folders withing the Document library and there is "high" rated document. Most users would bot be able to see this.
Can this be done with 365 labeling, metadata,classification? or is there any other way to do this?
09-06-2019 03:43 PM
@Pn1995 Yes definitely you can do using the appropriate labels as it will be robust approach. But if your need to share content with small set of users across different departments and with a frequent change of the permission or access needs then I might be refrained from using labels. I will use labels to assign permission for something like HR Repository where I share files for full-time, contractor and interns. Then I will assign different permission for each of them and then according to the label the content will be shared. The advantage is I don't have to manually add or remove people frequently and it makes the process robust and easy. SO if your need something similar you can use.
On the other hand if my need is designing a departmental a repository where a lot of people share information, we control and alter the user's permission frequently then I will use the SharePoint permission management to set unique permission for each file according to certain metadata. To automate the permission management I can write a workflow to set unique permission every time a document gets added.
09-07-2019 08:35 AM
So just so i fully understand this, you create a Label in 365 (is this a sensitivty label you use?) and then assign this to a file . Do you then use some kind of DLP policy to control who can access the files or not?
If you have any links that desicribes how this is done it would be really useful.
Just to confirm what we want to do
1) Assign a label called say "confidential" and only certain people are allowed to access/see "confidential" files
09-09-2019 07:01 AM
Yes this can be done with labelling - see previous responses. It sounds like you're trying to create access control within a library using classification instead of permissions. While it sounds good at first, the devil is in the details and I would use EXTREME caution before implementing it across your tenant. Unlike permissions, I don't believe access rights by classification can be over-ridden without changing the classification of the document or granting access to ALL highly classified content.
So for example, the assistant to the CEO may need access to some highly confidential content, but not all. Or maybe there is a highly classified project and someone needs access to the content for that one project.
How would the owner of the highly classified content make exceptions for these people without changing the classification of the document or granting them access to ALL highly confidential content?
I fear what you would end up with is a lot of content being under- or over-classified as a shortcut to control access.
I would recommend you ask what problem you are trying to solve. If you want to control access rights, then I would do that using permissions on sites & libraries. Use classification to prevent content from being printed, downloaded or leaving the company without approval.
09-09-2019 08:54 AM
Thanks @Rachel Davis
The idea would be this would only be assigned to a single document library and all other areas would be controlled by permissions etc...
The issue if they have a host of documents in a library in various folders and which the library is protected by permission. In every folder if they have say 100 files, 5 or 6 of these will be deamed "confidential" so instead of moving these to a differnet area or changing permissions the thought is to classify them so most people can't access them
09-09-2019 09:27 AM
@Pn1995 Before I say anything further I must reiterate Controlling access is best done by permission management so if you can do this that will help to manage easily.Please let me know if this method works.
Please let me know if this helps.