My customer, who is an end-user, is disapointed because the security setup must be done by scripting and therefore by the (external) IT department.
I know it is tecnically very difficult to do otherwise, but maybe some-one has a genius idea.
Just have the scripting read from an excel or a db, and have the customer enter the security settings in that.
LOAD ACCESS, NTNAME, DEPARTMENT
(ooxml, embedded labels, table is Sheet1);
You can also set this up in publisher and pull it into the document from there.
Retrieving data ...