Information Rights Management

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Traditionally, sensitive information can be controlled only by limiting access to the networks or computers where the information is stored. After a user is given access, however, there are no restrictions on what can be done with the content or to whom it can be sent. Microsoft Information Rights Management (IRM) enables you to create a persistent set of access controls that live with the content, rather than a specific network location, which can help you control access to files even after they leave your direct control.

With Windows SharePoint Services, IRM is available for files that are located in document libraries and stored as attachments to list items. Site administrators can elect to protect downloads from a document library with IRM. When a user attempts to download a file from the library, Windows SharePoint Services verifies that the user has permissions to the requested file, and issues a license to the user that enables access to the file at the appropriate permissions level. Windows SharePoint Services then downloads the file to the user's computer in an encrypted, rights-managed file format.

Custom IRM Protectors

Using the extensible IRM architecture in Windows SharePoint Services, you can create custom rights-management protectors that convert custom files types to rights-management formats when the user downloads them, and then convert those files back to nonencrypted file formats when the user uploads them for storage in the document library.

Each IRM protector must be registered on every front-end Web server, and is made available to every document library in the server farm. When you register the IRM protector, you specify which file types the protector can convert to and from rights-managed versions. A specific file type can be associated with only one IRM protector, but a given IRM protector can be associated with multiple file types.

You can create two types of IRM protectors that use the IRM framework in Windows SharePoint Services: integrated protectors and autonomous protectors.

Integrated protectors rely on Windows SharePoint Services for access to the Windows Rights Management Server (RMS) platform for generating protected versions of files, and for removing protection from rights-managed files. Autonomous protectors, however, must configure and execute the entire rights-management process; autonomous protectors may access the Windows RMS platform directly, or employ another rights-management platform.

See Also

Tasks

How to: Register an IRM Protector

Concepts

IRM Framework Architecture in Windows SharePoint Services

IRM File Processing

Custom IRM Protectors