Permissions to documents in SharePoint/MetaShare are primarily set on a workspace level. If you have access to a workspace, you normally have access to all documents within the workspace. Permissions to certain documents within a workspace could however be restricted or extended.
Extend access to certain documents
Permissions to specific documents can be extended by:
- Sharing them to individuals that are either within our outside your organization using the “Share” function:
- Extending the permissions on folder-level (if the workspace has folders). If permissions are set on a folder, then all documents that reside in the folder will inherit the permissions from the folder.
Restrict access to certain documents
Permissions to specific documents can be restricted by:
- Restricting access to draft items so that visitors, with read permissions, will just be able to see the latest published versions of documents.
- Restricting the permissions on folder-level (if the workspace has folders). If permissions are set on a folder, then all documents that reside in the folder will inherit the permissions from the folder.
- Applying sensitivity labels to documents. Sensitivity labels are defined in Office 365 Security & Compliance where specific security rules can be set on certain sensitivity labels, e.g:
- restrict permissions to certain users
- restrict the possibility to copy content inside these documents
- restrict the possibility to download these documents
- restrict the possibility to print them
These restrictions will be applied to the documents, regardless of where they are stored (in SharePoint, as an attachment in an e-mail or downloaded to a disk.
Sensitivity labels are added to Office documents through an add-on to Office and users select a label by clicking on one of the label buttons on top of a document:
You can read more about sensitivity labels and their capabilities in Microsoft’s Overview of sensitivity labels and introduction to information protection.