Tuesday, December 13, 2016

Azure AIP/RMS: SharePoint Permission vs IRM Permission Mapping

Mr.Customer asked me about how SharePoint Permission map to IRM Permission? Will the IRM Permission takeover or replace the SharePoint Permission granted to user?

https://support.office.com/en-us/article/Apply-Information-Rights-Management-to-a-list-or-library-3bdb5c4e-94fc-4741-b02f-4e7cc3c54aa1 This article actually explained the questions above. However, there is a little doubt here. Do we need all the Permission configured on the left in order to map the IRM Permissions?

For example: To map the Full Control IRM Permission. Do we need both Manage Permissions, and Manage Web Site in SharePoint Permission? Or we just need only one of the SharePoint Permission?


To answer the little doubt above, I ran few rounds of test in my environment. The answer is any one of the SharePoint Permission. You need either Manage Permissions OR Manage Web Site in SharePoint Permission to map the Full Control IRM Permission.

Another example, if Edit Items SharePoint Permission assigned to the user, he/she will have the Edit, Copy, and Save IRM Permissions. It Doesn’t Requires All 3 SharePoint Permissions (Edit Items, Manage Lists, Add and Customize Pages) To Be Assigned In Order To Map The Edit, Copy, and Save IRM Permissions !! Anyone will do….

I did some further testing by enabling “Allow viewers to write on a copy of the downloaded document” This setting will allow the user to download and edit the downloaded/offline copy. This setting OVERWRITE those with View Items SharePoint Permission OR Read IRM Permission to edit the downloaded /offline copy.


My two cents is View Items SharePoint Permission OR Read IRM Permission is meant to control the documents so that user can View only (cannot edit, modify, copy, save, etc). By enabling the “Allow viewers to write on a copy of the downloaded document” simply defeat the purpose of trying to control the documents. Enabling this setting wisely.

So long, and Thanks for reading!


  1. Replies
    1. Big data is a term that describes the large volume of data – both structured and unstructured – that inundates a business on a day-to-day basis. big data projects for students But it’s not the amount of data that’s important.Project Center in Chennai

      Spring Framework has already made serious inroads as an integrated technology stack for building user-facing applications. Corporate TRaining Spring Framework the authors explore the idea of using Java in Big Data platforms.

      Spring Training in Chennai

      The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

  2. NordVPN 7.8.0 Crack is a powerful software to safeguard your data on the network and uncovers the prohibited sites. Be private and hidden on the net, find all sites and applications wherever you are, and protect your individual information and IP. Nord VPN Cracked pc

  3. Samsung Tool Pro is a professional phone software servicing device. List of supported functions: Flash; Unlock; Remove Screen Lock; Repair IMEINVM/EFS, Root etc ...Z3X Samsung Tool Pro Crack