Effects of changes

Documents get their security policy from the default security policy of their class, if the class has one. Therefore, if you change a document's class to a class that has a different default security policy, the document will immediately take on that new security policy. This also means that if you change a document's class to one that has a security policy that is not the class' default (that is, the new class has a security policy associated with it that was not its original default policy), the document will not take on that new policy but will keep its association with the former security policy.

These scenarios describe the security behavior of changing a document's class, and assume that the security policies in question have appropriate templates.

If you change a document version's class, and both the new class and the old class have different default security policies, the permissions applied by the old security policy are immediately removed and the permissions of the new security policy are immediately applied to the version. The permissions already applied by the old document class' Default Instance ACL are not changed. In other words, the new document class does not apply its Default Instance permissions to the document.

If you change a document version's class, and the version has a policy that does not match the previous class, the software assumes that the version has a security policy that was applied by a user and leaves it as is.

If you change a document's class, and the old class has a security policy and the new class does not, the permissions applied by the old security policy are immediately removed. Since the new class has no security policy, the permissions on the document would come from the other usual sources: from being directly applied, from the Default Instance ACL of the new document class, and from a security parent, if there is one.