diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationServiceImpl.java
index c123a90e05..2dd2a5ea5e 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationServiceImpl.java
@@ -167,11 +167,31 @@ public class ClassificationServiceImpl extends ServiceBaseImpl
         return classificationServiceDao.getConfiguredReasons();
     }
 
+    /**
+     * Create a list containing all classification levels up to and including the supplied level.
+     * 
+     * @param allLevels The list of all the classification levels starting with the highest security.
+     * @param targetLevel The highest security classification level that should be returned. If this is not found then
+     *            an empty list will be returned.
+     * @return an immutable list of the levels that a user at the target level can see.
+     */
+    List<ClassificationLevel> restrictList(List<ClassificationLevel> allLevels, ClassificationLevel targetLevel)
+    {
+        int targetIndex = allLevels.indexOf(targetLevel);
+        if (targetIndex == -1) { return Collections.emptyList(); }
+        List<ClassificationLevel> subList = allLevels.subList(targetIndex, allLevels.size());
+        return Collections.unmodifiableList(subList);
+    }
+
     @Override
     public List<ClassificationLevel> getClassificationLevels()
     {
-        return configuredLevels == null ? Collections.<ClassificationLevel>emptyList() :
-                                          Collections.unmodifiableList(configuredLevels);
+        if (configuredLevels == null) {
+            return Collections.emptyList();
+        }
+        // FIXME Currently assume user has highest security clearance, this should be fixed as part of RM-2112.
+        ClassificationLevel usersLevel = configuredLevels.get(0);
+        return restrictList(configuredLevels, usersLevel);
     }
 
     @Override public List<ClassificationReason> getClassificationReasons()
diff --git a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationServiceImplUnitTest.java b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationServiceImplUnitTest.java
index 69e5d91b09..bb4c09cbcb 100644
--- a/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationServiceImplUnitTest.java
+++ b/rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationServiceImplUnitTest.java
@@ -19,6 +19,7 @@
 package org.alfresco.module.org_alfresco_module_rm.classification;
 
 import static java.util.Arrays.asList;
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Matchers.any;
 import static org.mockito.Matchers.anyString;
@@ -33,6 +34,7 @@ import java.util.List;
 import java.util.stream.Stream;
 
 import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceException.MissingConfiguration;
+import org.alfresco.module.org_alfresco_module_rm.test.util.ExceptionUtils;
 import org.alfresco.module.org_alfresco_module_rm.test.util.MockAuthenticationUtilHelper;
 import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
 import org.alfresco.service.cmr.attributes.AttributeService;
@@ -201,7 +203,7 @@ public class ClassificationServiceImplUnitTest
         String expectedMessage = "Classification reasons configured in classpath do not match those stored in Alfresco. Alfresco will use the unchanged values stored in the database.";
         assertTrue("Warning message not found in log.", messages.anyMatch(message -> message == expectedMessage));
     }
-    
+
     @Test(expected = MissingConfiguration.class)
     public void noReasonsFoundCausesException()
     {
@@ -211,4 +213,34 @@ public class ClassificationServiceImplUnitTest
 
         classificationServiceImpl.initConfiguredClassificationReasons();
     }
+
+    /**
+     * Check that restrictList returns the three lower security levels when supplied with "secret" (i.e. that it doesn't
+     * return "top secret").
+     */
+    @Test public void restrictList_filter()
+    {
+        ClassificationLevel targetLevel = new ClassificationLevel("Secret", "rm.classification.secret");
+
+        List<ClassificationLevel> actual = classificationServiceImpl.restrictList(DEFAULT_CLASSIFICATION_LEVELS, targetLevel);
+
+        List<ClassificationLevel> expected = asLevelList("Secret",       "rm.classification.secret",
+                                                         "Confidential", "rm.classification.confidential",
+                                                         "No Clearance", "rm.classification.noClearance");
+        assertEquals(expected, actual);
+        // Check that the returned list can't be modified.
+        ExceptionUtils.expectedException(UnsupportedOperationException.class, () -> actual.remove(0));
+    }
+
+    /**
+     * Check that restrictList returns an empty list when the target is not contained in the list.
+     */
+    @Test public void restrictList_targetNotFound()
+    {
+        ClassificationLevel targetLevel = new ClassificationLevel("UnrecognisedLevel", "rm.classification.IMadeThisUp");
+
+        List<ClassificationLevel> actual = classificationServiceImpl.restrictList(DEFAULT_CLASSIFICATION_LEVELS, targetLevel);
+
+        assertEquals("Expected an empty list when the target level is not found.", 0, actual.size());
+    }
 }