Plan Information Rights Management (SharePoint Server 2010)

Applies to: SharePoint Server 2010

Information Rights Management (IRM) enables content creators to control and protect their documents. The contents of rights-managed documents are encrypted and supplied with a publishing license that imposes restrictions on users. These restrictions vary depending on the level of users' permissions. Typical restrictions include making a document read-only, disabling copying of text, not allowing users to save a copy of the document, or preventing users from printing the document. Client applications that read IRM-supported file types use the issuance license inside an IRM-managed document to enforce the restrictions on users who access the document.

In this article:

• About IRM in SharePoint Server 2010

• IRM permissions in SharePoint Server 2010

About IRM in SharePoint Server 2010

Microsoft SharePoint Server 2010 supports using IRM on documents that are stored in document libraries. Documents that can be rights-managed in SharePoint Server 2010 include Microsoft InfoPath forms, Microsoft Word, Microsoft Excel, and Microsoft PowerPoint file formats, in addition to Word, Excel, and PowerPoint Open XML file formats, and XPS (XML Paper Specification) documents. To add other file types, an administrator must install protectors — programs that control the encryption and decryption of rights-managed documents — for each new type of file.

By using IRM in SharePoint Server 2010, you can control at the site collection level the actions that users can take on documents when the documents are opened from libraries in SharePoint Server 2010. This is in contrast to IRM applied to documents that are stored on client computers, where the owner of a document can choose which rights to assign to each user of the document. Use IRM on document libraries to control sensitive content that is stored on the server. For example, if you are making a document library available to preview upcoming products to other teams within your enterprise, you could use IRM to prevent the teams from publishing the content to audiences outside your organization.

When IRM is enabled on a document library and a document in an IRM-supported format is downloaded from the server to a client application, SharePoint Server 2010 encrypts the document and adds an issuance license. When the document is uploaded back to the server, SharePoint Server 2010 decrypts the file and stores it in the library in a form that is not encrypted. By only encrypting documents when they are downloaded and decrypting them when they are uploaded, SharePoint Server 2010 enables features such as search and indexing to operate as usual on the files in the IRM-protected document library.

To use IRM with SAML authentication, you must install the June 2011 cumulative update for SharePoint Server 2010 or a more recent update. For more information about SharePoint Server 2010 updates, see the Updates resource center (https://go.microsoft.com/fwlink/p/?LinkID=220218).

For more information about IRM as it is implemented by Rights Management Services (RMS), see RMS FAQ (https://go.microsoft.com/fwlink/p/?LinkId=230459).

IRM permissions in SharePoint Server 2010

The IRM permissions that are applied to a document when users download it from a document library are based on each user's permissions to the content in the SharePoint Server 2010 security settings. The following table describes how SharePoint Server 2010 permissions are converted to IRM permissions.

See Also

Concepts

Configure Information Rights Management (SharePoint Server 2010)