Using the information already provided by the users to make assumptions about who should have access after protecting the document with DRM.

If a file share owner has granted read, read write, and admin access to a share, a group could be created dynamically that would include these members, and the rights could be created according to the original ACLs on the file share.

This would allow a group owner (the share owner) to add and remove users from a document, or sets of documents after they leave the file share. This would solve the problem around managing DRM rights. Currently, it is hard to manage granular sets of rights, as these are not readily automatable. However, with this approach, groups can be built on the fly based on sensitivity of the information and whom has access already. For example, certain PCI information is currently available to a PCI group, in this scenario, DRM rights would be granted to this PCI group on the fly for any document extracted from the central repository