SealPath Permission Control is an Information Rights Management (IRM) component that enables organizations to create, manage, and enforce document protection policies. It allows both end users and administrators to define granular access permissions on documents without requiring IT involvement for routine operations. Administrators can create named protection policies (e.g., COMPANY CONFIDENTIAL, LEGAL DEPARTMENT) and assign them to individual users or groups. Users can also create their own policies for sharing documents with external parties. Policies can be assigned to Active Directory or LDAP groups, entire domains, or subdomains, removing the need for individual user assignment. Key permission controls include read, edit, copy, print, and copy/paste restrictions, as well as a delegated "Add users" permission that lets collaborators onboard additional users within defined permission boundaries. Ownership of protected documents can be transferred between users by administrators, either broadly or per policy. Access can be time-limited through configurable expiry dates, which take effect in real time. Documents can also be restricted to specific IP ranges, ensuring sensitive content remains accessible only from within a defined network boundary. Dynamic watermarks can be applied to documents, embedding the opener's email address, IP address, and timestamp on each page — including in screenshots. The solution supports both online and offline access. In offline mode, users can access protected files for a configurable number of days without a network connection, with SealPath Sync enabling bulk offline access without requiring documents to be pre-opened individually.