SharePoint (SP) and Simple Encryption Platform (SEP) are different. You can choose to add additional layer of security by adding/removing access rights in SharePoint itself. But SEP does not use SP for the encryption.
SharePoint Products has the following default site groups and permission
- Administrator - Full Control
- Web Designer (Design) - Can view, add, update, delete, approve and customize
- Contributor (Contribute) - Can view, add, update, and delete list items and documents
- Reader (Read) - Can view pages and list items and download documents.
- Limited access - Can view specific lists, document libraries. list items. folders or documents when given permissions.
Giving these roles in SharePoint another security layer for access control, known by security professional as Defence in Depth (DiD). SharePoint roles are in no way related to the SEP roles (manager, contributor and reader).
Example1: Administrator of SharePoint but no access to an encrypted document cannot de-crypt the document and cannot consume the information.
Example2: a Reader in SharePoint, but manager for a SEP encrypted document, can download the encrypted file from SharePoint and edit,modify it and change access rights on the encrypted document. However she cannot upload it back to SharePoint.