To control access to a document, a control policy is often contained in the document, such as the case when access control information is encrypted into the document. The document creator assigns access rights for the document to a set of users. A user having assigned access rights is able to access the document according to the assigned rights. The user may then save the document to a different location, e.g. different folder, at which point the document is re-encrypted as specified by the user. The document may then be moved from one location to another and the original access control information changed or stripped.