Creating and Modifying Rights Policy Templates

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

When you add or edit a rights policy template, you can define the following elements:

  • Name and description of the rights policy template. You can optionally supply an e-mail address from which users may request more rights than the template grants to them.

  • Users and groups who are allowed to acquire use licenses for content published using this rights policy template. To specify that any user may acquire a use license for the protected content, use the Anyone group, which is a special group that is recognized by RMS. To add this special group to your template, on the Rights policy template settings page, type the word Anyone into the Add users or group field and then click the Add button.

  • Rights granted to each user or group. Some rights are automatically selected because of interdependencies of specific rights. For example, if you select the Edit right, the View and Save rights are also selected. For information about how the rights that are listed correspond to the rights that are defined in the XrML vocabulary, see “RMS Rights and XrML” later in this subject.

  • Expiration policy for the content published by using this rights policy template. By default, content never expires. This means that users can acquire use licenses at any time. You can choose one of the following expiration policy options:

    • Content never expires. This is the default option. When this option is selected, the use license will enable the user to access the content for as long as it is retained on the computer.

    • Content expires on. You can specify a date on which the content expires, meaning that a use license that has been granted expires on that date, and that a user cannot acquire a use license for the content after that date.

    • Content license expires n days after publishing date. You can specify a number of days after the publishing date, after which use licenses can no longer be acquired for the content.

    • Use licenses for content must be renewed every: n days. You can specify that users must renew their use licenses after a given period of time has passed since acquiring the use license for the content. You can apply this policy in conjunction with the previous policies.

  • Extended policies. You can select one or more of the following policies:

    • Author is granted full rights without expiration. This policy gives the author perpetual full rights. This setting is applied even if you have specified that the content will expire at a certain time.

    • RMS-protected content can be viewed in trusted browsers. This policy controls whether or not the content can be viewed in trusted browsers if the RMS-enabled application that created the content also enables it. If you do not select this check box, protected content must be viewed by using the application that created it.

    • Require a new use license each time content is consumed. This policy controls whether or not users must acquire a new use license each time that they attempt to consume content that was published by using this rights policy template. When this policy is selected, the user must be able to connect to the RMS server to access content.

    Warning

    Be careful when you enable the Require a new use license each time content is consumed policy. It requires that users are connected to the network each time that they consume content that was published by using this rights policy template. If they are not connected to the network, they cannot consume this content. If you do not enable this setting, users need to obtain a use license only the first time that they attempt to consume content. The users can reuse the license when they are offline, until the license expires.

  • Enforce application-specific data. This policy lets you define a customized policy that is based on conditions that are specific to the RMS-enabled application. If you select this check box, type a name and value pair that the application requires, and then click Add to add it to the list.

  • Revocation policy for this rights policy template. You can specify whether a revocation list is required by selecting Require revocation. If you want to require revocation, you must create and maintain a revocation list. For more information about revocation, see “Managing Revocation” earlier in this subject.

  • Revocation list for client access. This property provides a URL to the revocation list. You can make the revocation list available by using a Web service that can be accessed by using a URL. When an RMS client computer attempts to open rights-protected content that requires a revocation list, the RMS-enabled application will first query the local computer for the revocation list, and, if the revocation list is not found or is outdated, the application will then attempt to connect to the URL that is specified in the template properties. After the RMS client connects to the revocation URL, it checks to make sure that the OBJECT TYPE, ID TYPE, and ID values under the ISSUER element in the revocation list match what is in the RMS use license. Additionally, the RMS client will match the public and private keys that were used to sign the revocation list. If any one of these values does not match, the revocation list will be ignored.

  • Revocation list refresh interval. This property provides the number of days that a revocation list is valid. If the revocation list that was downloaded to the client computer is older than the time that is specified, a new list is downloaded.

  • Public key file. This property provides both the path and file name of the public key whose corresponding private key is used to sign the revocation list.
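
The following added example (a simplified model, not RMS code or anything from the product) shows how the expiration options and the two extended policies described above combine when a user tries to open content. The class and field names are hypothetical, and it assumes the author exemption applies only to content expiration, not to license renewal.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class TemplatePolicy:
    # Field names are hypothetical; each maps to one template option described above.
    expires_on: Optional[datetime] = None     # "Content expires on"
    expires_after_days: Optional[int] = None  # "expires n days after publishing date"
    renew_every_days: Optional[int] = None    # "must be renewed every: n days"
    author_never_expires: bool = False        # "Author is granted full rights without expiration"
    new_license_each_use: bool = False        # "Require a new use license each time ..."

def content_expiry(p, published):
    """Moment after which no use license can be acquired (None = never expires)."""
    if p.expires_on is not None:
        return p.expires_on
    if p.expires_after_days is not None:
        return published + timedelta(days=p.expires_after_days)
    return None

def can_consume(p, published, now, *, is_author=False, cached_license_at=None, online=True):
    """Return (allowed, reason) for one attempt to open the content."""
    expiry = content_expiry(p, published)
    exempt = is_author and p.author_never_expires
    if expiry is not None and now >= expiry and not exempt:
        return False, "content expired"
    # A stored use license is reusable only if per-use licensing is off
    # and the renewal interval has not elapsed since it was acquired.
    cached_ok = (
        cached_license_at is not None
        and not p.new_license_each_use
        and (p.renew_every_days is None
             or now < cached_license_at + timedelta(days=p.renew_every_days))
    )
    if cached_ok:
        return True, "cached use license"
    if online:
        return True, "new use license acquired"
    return False, "offline and no valid use license"

# Constructed scenario: expires 30 days after publishing, renew every 7 days.
PUBLISHED = datetime(2024, 1, 1)
POLICY = TemplatePolicy(expires_after_days=30, renew_every_days=7,
                        author_never_expires=True)
```
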
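
The revocation list handling described above (local copy first, download when missing or older than the refresh interval, then the ISSUER comparison) can be modelled as follows. This is an added example, not RMS client code: the XML documents are constructed and simplified rather than real XrML, `signature_ok` is a hypothetical stand-in for the signature check, and applying the ISSUER comparison to a local copy as well as a downloaded one is an assumption.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer a hardened parser such as defusedxml
from datetime import datetime, timedelta

def issuer_identity(xml_text):
    """Return (OBJECT type, ID type, ID value) found under ISSUER, or None."""
    obj = ET.fromstring(xml_text).find(".//ISSUER/OBJECT")
    ident = obj.find("ID") if obj is not None else None
    if ident is None:
        return None
    return (obj.get("type"), ident.get("type"), (ident.text or "").strip())

def choose_revocation_list(cached, fetch, license_xml, now, refresh_days, signature_ok):
    """cached: (xml_text, downloaded_at) or None; fetch() returns the list published
    at the template's URL; signature_ok(xml_text) stands in for signature verification.
    Returns (xml_text or None, reason)."""
    if cached is not None and now - cached[1] <= timedelta(days=refresh_days):
        xml_text, source = cached[0], "local copy"
    else:
        # Not found locally, or older than the refresh interval: download again.
        xml_text, source = fetch(), "downloaded"
    expected, found = issuer_identity(license_xml), issuer_identity(xml_text)
    if expected is None or found != expected:
        return None, "ignored: issuer mismatch"
    if not signature_ok(xml_text):
        return None, "ignored: signature check failed"
    return xml_text, source

def make_doc(root, id_value):
    """Build a constructed, simplified document (not the real XrML schema)."""
    return (f"<{root}><ISSUER><OBJECT type='Constructed-Server'>"
            f"<ID type='Constructed-GUID'>{id_value}</ID></OBJECT></ISSUER></{root}>")

LICENSE = make_doc("USELICENSE", "issuer-a")
LIST_A = make_doc("REVOCATIONLIST", "issuer-a")
LIST_B = make_doc("REVOCATIONLIST", "issuer-b")
```
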