Allow granular protection within custom protection option of the the AIP client
Within the AIP client custom permissions, currently this only allows for one type of access to be granted to a group/user/domain. Having the ability to set one group at one level different to another. Currently this requires an AIP admin to create a specific protection label to achieve.
Andrew Yam commented
On the user case, 1 file may not be only for 1 permission group user. For confidential document may be for this group is view only. For some user can full edit.
Sherif Talaat commented
Add the ability to define multiple permissions to different users/groups in the custom permissions of the AIP client. For example, groupX has Read-only while groupY has Editor. Today, we have to assign different permissions to different versions of the same file, or do it via IRM template which is available only for admins not the users.
When can we get an answer to this, please Dan Plastina, we need your help to push Microsoft to get this Granular Control added.
From within the Custom Permission Dialog, allow picking from individual RMS Permissions rather than just the default permission sets.
R. Eberhard commented
Am I right in understanding that the access control could be extended in way that new groups could be added to existing group/user/domain protected data? This would be a requirement from our customers w.r.t. e-discovery. A new group (not a group that has been initially added to the template) needs to be added to a number of documents to be investigated.
The goal is to give the auditors just access to a specific amount of data to be investigated but not to the entire set that has been protected with that specific template.
Ed Williams commented
PLEASE, this would be my #1 highest request, followed closely by Global Address Book connectivity inside Office applications. I hope this implies the concept of applying a template directly to a document without needing a label. If it doesn't, then that's what I need most! Can't describe to you how frustrating it was to have RMS Add-On ready to roll out when they replaced it with AIP and I still can't get the same functionality back.