Example: Internet vs. Intranet

To give an example that is not tied to secret services I will use the common problem of publishing content for the internet, intranet or both. Companies want to re-target intranet content for their public site but they want to avoid publishing internal use only content there. Frequently employees of the company work as publishers on both channels and therefore need the rights to do so. But how do you then prevent intranet content from accidentially being published on the internet site? (lets forget about malicious employees for the moment).