Plan Information Rights Management
Updated: February 26, 2009
Applies To: Office SharePoint Server 2007
In this article:
Information Rights Management (IRM) enables content creators to control and protect their documents. The contents of rights-managed documents are encrypted and supplied with an issuance license that imposes restrictions on users. These restrictions vary depending on the level of users' permissions. Typical restrictions include making a document read-only, disabling copying of text, not allowing users to save a copy of the document, or preventing users from printing the document. Client applications that read IRM-supported file types use the issuance license inside an IRM-managed document to enforce the restrictions on users who access the document.
Information Rights Management in Office SharePoint Server 2007
Microsoft Office SharePoint Server 2007 supports using IRM on documents stored in document libraries. Documents that can be rights-managed in Office SharePoint Server 2007 include Microsoft InfoPath forms, Microsoft Word, Microsoft Excel, and Microsoft PowerPoint file formats, in addition to Word, Excel, and PowerPoint Open XML file formats. To add other file types, an administrator must install protectors — programs that control the encryption and decryption of rights-managed documents — for each new type of file.
By using IRM in Office SharePoint Server 2007, you can centrally control which actions users can take on documents when they open them from libraries in Office SharePoint Server 2007. This is in contrast to IRM applied to documents stored on client computers, where the owner of a document can choose which rights to assign to each user of the document. Use IRM on document libraries to control sensitive content that is stored on the server. For example, if you are making a document library available to preview upcoming products to other teams within your enterprise, you could use IRM to prevent the teams from publishing the content to audiences outside your organization.
When IRM is enabled on a document library and a document of a type that can be rights-managed is downloaded from the server to a client application, Office SharePoint Server 2007 encrypts the document and adds an issuance license. When the document is uploaded back to the server, Office SharePoint Server 2007 decrypts the file and stores it in the library in unencrypted form. By only encrypting documents when they are downloaded and decrypting them when they are uploaded, Office SharePoint Server 2007 enables features such as search and indexing to operate as usual on the files in the IRM-protected document library. The IRM permissions that are applied to a document when users upload it from a document library are based upon each user's permissions to the content in the Office SharePoint Server 2007 security settings. The following table describes how Office SharePoint Server 2007 permissions are converted to IRM permissions:
|Office SharePoint Server 2007 permissions||IRM permissions|
Manage Permissions, Manage Web
Full control, as defined by the client. This generally allows a user to read, edit, copy, save, and modify the permissions of rights-managed content.
Edit List Items, Manage List, Add and Customize Pages
Edit, copy, and save permissions. You can optionally enable users with these permissions to print documents from the document library.
View List Item
Read permissions. A user can read the document, but cannot copy or update its content. You can optionally enable users with view list item permissions to print documents from the document library.
No other permissions map to IRM permissions.
To use IRM in Office SharePoint Server 2007, you must install the Microsoft Windows Rights Management Services Client, version 1, on every front-end Web server in your server farm. In addition, Microsoft Windows Rights Management Services (RMS) for Windows Server 2003, service pack 1.0 or later, must be available on your network. To install the Windows Rights Management Services Client, and for additional information about Microsoft Windows Rights Management Services, visit the Windows Rights Management Services Technology Center (http://go.microsoft.com/fwlink/?LinkId=73121) and RMS FAQ (http://go.microsoft.com/fwlink/?LinkId=230459). For a description of the steps needed to configure Microsoft Windows Rights Management Services to allow Office SharePoint Server 2007 to create rights-managed content, see Integrating AD RMS and SharePoint Server 2007.
For each document library, specify whether or not to require IRM and, if protectors for additional document types are required, note that information in the Require Information Rights Management column. Use the following worksheet to record the information:
Document libraries worksheet (http://go.microsoft.com/fwlink/?LinkId=73306&clcid=0x409)
Download this book
This topic is included in the following downloadable book for easier reading and printing:
See the full list of available books at Downloadable content for Office SharePoint Server 2007.