Plan Information Rights Management (SharePoint Server 2010)
Applies to: SharePoint Server 2010
Topic Last Modified: 2012-01-12
Information Rights Management (IRM) enables content creators to control and protect their documents. The contents of rights-managed documents are encrypted and supplied with a publishing license that imposes restrictions on users. These restrictions vary depending on the level of users' permissions. Typical restrictions include making a document read-only, disabling copying of text, not allowing users to save a copy of the document, or preventing users from printing the document. Client applications that read IRM-supported file types use the issuance license inside an IRM-managed document to enforce the restrictions on users who access the document.
In this article:
Microsoft SharePoint Server 2010 supports using IRM on documents that are stored in document libraries. Documents that can be rights-managed in SharePoint Server 2010 include Microsoft InfoPath forms, Microsoft Word, Microsoft Excel, and Microsoft PowerPoint file formats, in addition to Word, Excel, and PowerPoint Open XML file formats, and XPS (XML Paper Specification) documents. To add other file types, an administrator must install protectors — programs that control the encryption and decryption of rights-managed documents — for each new type of file.
By using IRM in SharePoint Server 2010, you can control at the site collection level the actions that users can take on documents when the documents are opened from libraries in SharePoint Server 2010. This is in contrast to IRM applied to documents that are stored on client computers, where the owner of a document can choose which rights to assign to each user of the document. Use IRM on document libraries to control sensitive content that is stored on the server. For example, if you are making a document library available to preview upcoming products to other teams within your enterprise, you could use IRM to prevent the teams from publishing the content to audiences outside your organization.
When IRM is enabled on a document library and a document in an IRM-supported format is downloaded from the server to a client application, SharePoint Server 2010 encrypts the document and adds an issuance license. When the document is uploaded back to the server, SharePoint Server 2010 decrypts the file and stores it in the library in a form that is not encrypted. By only encrypting documents when they are downloaded and decrypting them when they are uploaded, SharePoint Server 2010 enables features such as search and indexing to operate as usual on the files in the IRM-protected document library.
To use IRM with SAML authentication, you must install the June 2011 cumulative update for SharePoint Server 2010 or a more recent update. For more information about SharePoint Server 2010 updates, see the Updates resource center (http://go.microsoft.com/fwlink/p/?LinkID=220218).
For more information about IRM as it is implemented by Rights Management Services (RMS), see RMS FAQ (http://go.microsoft.com/fwlink/p/?LinkId=230459).
The IRM permissions that are applied to a document when users download it from a document library are based on each user's permissions to the content in the SharePoint Server 2010 security settings. The following table describes how SharePoint Server 2010 permissions are converted to IRM permissions.
|SharePoint Server 2010 permissions||IRM permissions|
Manage Permissions, Manage Web
Full control, as defined by the client. This generally allows a user to read, edit, copy, save, and modify or remove the permissions of rights-managed content.
Edit List Items, Manage List, Add and Customize Pages
Edit, copy, and save permissions. You can optionally enable users who have these permissions to print documents from the document library.
View List Item
Read permissions. A user can read the document, but cannot copy or update its content. You can optionally enable users who have view list item permissions to print documents from the document library.
No other permissions map to IRM permissions.