Chapter 20: Information Rights Management



Information Rights Management (IRM) is a feature of Microsoft Office 2003 Editions designed to enhance collaboration methods and restrict unauthorized access to the content of Microsoft Office Word 2003, Microsoft Office Excel 2003, Microsoft Office PowerPoint 2003, and Microsoft Office Outlook 2003 files. IRM uses encryption, permissions, licenses, Microsoft Active Directory directory service, license revocation, and Microsoft Windows Rights Management Services for Microsoft Windows Server™ 2003 or Passport to help provide a rights-managed method of content collaboration among a well-defined and carefully managed group of individuals.

Overview of Information Rights Management

Information Rights Management (IRM) technology in Microsoft Office 2003 helps to give organizations and information workers greater control of their sensitive information. IRM is a persistent file-level technology from Microsoft that allows the user to specify permission for who can access and use documents or e-mail messages, and it helps to prevent sensitive information from being printed, forwarded, or copied by unauthorized individuals. Once permission for a document or message has been restricted with this technology, the usage restrictions travel with the document or e-mail message as part of the contents of the file.

Note

The ability to create content or e-mail messages with restricted permission using Information Rights Management is available only with the Microsoft Office Professional Edition 2003 version of the following applications—Microsoft Office Word 2003, Microsoft Office Excel 2003, Microsoft Office PowerPoint 2003, and Microsoft Office Outlook 2003. IRM is also available in the stand-alone versions of those applications.

IRM support in Office 2003 helps corporations and knowledge workers address two fundamental needs:

  • Restricted permission for sensitive information

    Most corporations today rely on firewalls, logon security-related measures, and other network technologies in an effort to help protect their sensitive intellectual property. The fundamental limitation of these technologies is that, once legitimate users have access to the information, they can share it with unauthorized people, potentially breaching security policies. IRM helps protect the sensitive information itself from unauthorized access and reuse.

  • Information privacy, control, and integrity

    Information workers often deal with confidential or sensitive information, relying on the discretion of others to keep sensitive materials in-house. IRM eliminates any temptation to forward, copy, or print confidential information by helping to disable those functions in documents and messages with restricted permission.

For information technology (IT) managers, IRM helps enable the enforcement of existing corporate policies regarding document confidentiality, workflow, and e-mail retention. For CEOs and security officers, it significantly reduces today’s risk of having key company information in the hands of the wrong people, whether by accident, thoughtlessness, or through malicious intent.

When the organization enables IRM by using Microsoft Windows Rights Management Services (RMS) for Windows Server 2003, users of Office 2003 can easily take advantage of this technology. A simple user interface based on customizable “permission policies” (available from the File menu) makes IRM convenient and approachable. Integration with Active Directory directory service provides a level of convenience not available with today’s document-specific passwords. Finally, the Rights Management Add-in for Microsoft Internet Explorer allows users of Microsoft Windows, if they have the proper permission, to read e-mail messages and some documents with restricted permission whether or not they have Office 2003.

Organizational policy

Using IRM technology, Office 2003 allows companies to create “permission policies” that appear in Office applications. For example, a company might define a policy called “Company Confidential,” which specifies that documents or e-mail messages using that policy can be opened by users inside the company domain only. There is no limit to the number of policies that can be created.

Rights Management Add-in for Internet Explorer

Since permissions are granted at the application level, Office documents with restricted permission can only be opened by Office 2003 or later. However, the Rights Management Add-in for Internet Explorer allows users without Office 2003 to read content with restricted permission.

Additional server requirements for IRM

Windows Server 2003 with Windows Rights Management Services is required to enable IRM with Office 2003. This service enables users to share documents and messages with restricted permission using Microsoft .NET Passport as the authentication mechanism, as opposed to Active Directory.

Passport

If an RMS server is not in place on the domain, but use of the IRM feature is required, access to the Internet from each client workstation must be provided to allow users access to the Microsoft Passport servers. Passport accounts can be used when assigning permissions to the various users who will need access to the contents of the file. However, this does not allow for groups of users to gain access to a file. Each user must be specifically granted permission to the file when using Passport accounts.

Usage and enforcement of permissions

IRM uses various levels of permissions to restrict access to the content of a file.

The following rights are enforced by the Office applications. These rights are grouped into a list of custom settings in the Office applications and three levels of permission.

Office bases all of its permission enforcement on these rights defined in the Microsoft Windows Rights Management Services for Windows Server 2003.

  • Full Control: Gives the user every right listed below, and the right to make changes to the permissions associated with the content. Expiration does not apply to users with Full Control.

  • View: Allows the user to open IRM content. This maps to the “Read” Access in the Office user interface.

  • Edit: Allows the user to edit the IRM content.

  • Save: Allows the user to save the file.

  • Extract: Allows the user to make a copy of any portion of the file and paste it into the work area of another application.

  • Export: Allows the user to save the content in another location or format that may or may not support IRM.

  • Print: Allows the user to print the contents of the file.

  • Allow Macros: Allows the user to run macros against the contents of the file.

  • Forward: Allows e-mail recipients to forward an IRM e-mail message.

  • Reply: Allows e-mail recipients to reply to an IRM e-mail message.

  • Reply All: Allows e-mail recipients to reply to all users on the To: and CC: lines of an IRM e-mail message.

  • View Rights: Allows users permission to view the rights associated with the file. Office ignores this right.

A user can specify one of several predefined groups of rights when creating IRM content:

  • Read: A user with Read permission has only the View right.

  • Do Not Forward: In Outlook, the author of an IRM e-mail message can apply Do Not Forward permission to the users in the To:, Cc:, and Bcc: lines.

    This permission includes the View, Reply, and Reply All rights.

  • Change: Users with Change permission have View, Edit, Extract, Export, and Save rights.

Additional permissions in Office documents

In addition to the permission groups mentioned previously, specific rights can be specified in the advanced user interface of Word, Excel, and PowerPoint. Outlook always enables messages to be viewed by a browser that supports Rights Management.

The following options are available on the Permission dialog for Word, Excel, and PowerPoint:

  • This document expires on: This option allows the author to specify a date after which the IRM content becomes unreadable for everyone but users with Full Control.

  • View content in trusted browsers: This option allows the author to specify whether users without Office 2003 can view the content in the Rights Management Add-in for Internet Explorer.

  • Require a connection to verify a user’s permission: This option gives the author the ability to force users to connect to the Windows Rights Management server every time content is opened. This is useful if permissions to a shared document change over time and the author wants to make sure every user is verified prior to opening the document.
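The rights, permission levels, and expiration rule described above can be modeled to audit who holds which right on a given date. This is an added example, not code from the Resource Kit, Office, or RMS; the Policy class, function names, sample users, and the choice of Extract, Export, Print, and Forward as the rights worth auditing are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Rights listed on this page. Office ignores "View Rights", so it is omitted.
ALL_RIGHTS = frozenset({"View", "Edit", "Save", "Extract", "Export", "Print",
                        "Allow Macros", "Forward", "Reply", "Reply All"})
# Predefined permission levels and the rights the page gives for each.
LEVELS = {
    "Read": frozenset({"View"}),
    "Do Not Forward": frozenset({"View", "Reply", "Reply All"}),
    "Change": frozenset({"View", "Edit", "Extract", "Export", "Save"}),
    "Full Control": ALL_RIGHTS,
}
# Rights that let content leave the protected file (assumption: audit focus).
LEAVES_FILE = frozenset({"Extract", "Export", "Print", "Forward"})

@dataclass
class Policy:  # hypothetical model, not an Office or RMS data structure
    grants: dict                    # user -> level name or custom set of rights
    expires: Optional[date] = None  # "This document expires on"

def effective_rights(policy, user, today):
    """Rights `user` holds on `today`; an empty set means unreadable."""
    grant = policy.grants.get(user)
    if grant is None:
        return frozenset()
    if grant == "Full Control":
        return ALL_RIGHTS           # expiration does not apply to Full Control
    if policy.expires is not None and today > policy.expires:
        return frozenset()          # expired for everyone else
    return LEVELS[grant] if isinstance(grant, str) else frozenset(grant)

def is_allowed(policy, user, right, today):
    return right in effective_rights(policy, user, today)

def can_move_content_out(policy, today):
    """Users whose grant includes a right that takes content out of the file."""
    return sorted(u for u in policy.grants
                  if effective_rights(policy, u, today) & LEAVES_FILE)

# Constructed sample policy and dates for illustration.
SAMPLE = Policy({"alice": "Full Control", "bob": "Change", "carol": "Read",
                 "dave": "Do Not Forward", "erin": {"View", "Print"}},
                expires=date(2004, 6, 30))
BEFORE, AFTER = date(2004, 6, 1), date(2004, 7, 1)

if __name__ == "__main__":
    print(can_move_content_out(SAMPLE, BEFORE))  # alice, bob, erin
    print(can_move_content_out(SAMPLE, AFTER))   # alice only
```

The audit shows that the Change level, through Extract and Export, lets a user place content somewhere that may not support IRM, which is worth checking before granting it widely.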




Microsoft Office 2003 Resource Kit 2003
Microsoft Office 2003 Editions Resource Kit (Pro-Resource Kit)
ISBN: 0735618801
EAN: 2147483647
Year: 2004
Pages: 196
