Suggestions sought on best way to meet these protection requirements


  • I'm trying to protect documents used in the company's appraisal process. The requirements are:

    • Employee and employee's manager has full control
    • HR are able to view and print
    • General Managers are able to view

    Initially, I thought I could start off with a template specifying the bits that were going to be the same for all documents, i.e. HR and the General Managers, and then allow employees/employee managers to finish it off. However, it doesn't look like you can do that :-(

    I know that by default the author of a document has full control so, in theory, that just leaves me struggling to either find a way for the manager to add their employee, or the employee to add their manager.

    I guess I could create different templates for each department but it would then fall to the employee to create the documents so that they are added to the Full Control list (assuming that the department template adds the manager).

    Anyone got any better suggestions? Unfortunately I can't let users manage it just through the "Restricted Access" UI because there isn't a default mechanism that allows "view and print" which the HR staff will need to have.



    2012年2月9日 11:15


  • Could you have employees upload their appraisal document to a website  ?  If you can then you could protect the document on the server using an ADRMS Enabled application and use Restricted Access while doing so and grant the correct folks the correct permissions. The Restricted Access UI does have some limitations ( probably for convenience) but if you are protecting using the RMS SDK you can specify whatever permissions you want. Obviously this has the overhead of obtaining a cert from Microsoft to manifest your apps and learning to use the RMS SDK. But once you do these things they can be pretty handy in customizing AD RMS.

    2012年3月8日 4:13