The classifications and compartments in sensitivity labels and user clearances are used in mandatory access control. Therefore, the legal department's hierarchical labels and the group names need to be encoded as classifications and compartments so that they can be used in the labels that control which individual employees can access files and do other work.
In the following example, Solar Systems, Inc. defines a sensitivity label with the PUBLIC classification, which is assigned the lowest value in the User Accreditation Range, and another sensitivity label with the INTERNAL_USE_ONLY classification with the next highest value above PUBLIC.
An employee with no authorizations whose clearance is PUBLIC and whose minimum label is PUBLIC is able to use the system as follows:
Works only in a PUBLIC workspace,
Creates files only at PUBLIC,
Reads email only at PUBLIC, and
Uses printers only if they have PUBLIC in their label range
In contrast, an employee with no authorizations whose clearance is INTERNAL_USE_ONLY is able to use the system as follows:
Works in either a PUBLIC or an INTERNAL_USE_ONLY workspace
Creates files at either PUBLIC or at INTERNAL_USE_ONLY (depending on what workspace the employee is currently in)
Receives and sends email at either sensitivity label.
Can print a file labeled PUBLIC on any printer with PUBLIC in its label range, and can send a file labeled INTERNAL_USE_ONLY to any printer with INTERNAL_USE_ONLY in its label range.