Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Basic Doubts in Rights Management ES

Avatar

Level 2

I have started learning Rights Management ES. From the materials i referred, i have some doubts in it.

1) Will all the readers be connected to Rights Management Server. (I saw all the policies listed out in 'Manage Security Policies' in a example demo). How this is happening?

2) Will all the documents also be stored in the Rights Management Server? If not, how the latest version of the document is being retrieved when the user tries to open older version document?

3) Audit trail - I read that the secured documents will be kept in track always (i.e) whatever action is done on the document will be logged in server. Does it mean that the reader will keep on sending information to server? What will be the case if the user if offline?

4) I read that the supported formats are Ms word, excel, etc... Should all these formats be converted to pdf before applying security policy? If not, will Microsoft Office contact the Rights Management Server for applying policies?

5) User is Offline - I read that whenever a policy is applied to a document, the document key will be encrypted and when the user is opening the document, the server will provide the document key for decryption. How this case will happen when the user is offline?

Please help

3 Replies

Avatar

Level 9

1) Will all the readers be connected to Rights Management Server. (I saw all the policies listed out in 'Manage Security Policies' in a example demo). How this is happening?

ANSWER:  Reader does not require any configuration to "connect" it to a particular Rights Management server.  A rights managed PDF contains the "Base URL" of the RM server that was used to protect the PDF.  This url lets Reader connect to the correct RM server.

2) Will all the documents also be stored in the Rights Management Server? If not, how the latest version of the document is being retrieved when the user tries to open older version document?

ANSWER

Rights Management does not store any documents, it manages the policy information, encryption keys, audit information etc...  When a user attempts to open a Rights Managed document, a connection is established (assuming the document is not being viewed offline) and assuming the user is able to authenticate properly and the document has not been revoked, the document will open.  If an older (revoked) version is attempted to be opened, there is an option when a document is revoked to configure a message to infornm the user the document hase been revoked, and optionally a URL can be specified to re-direct the user to a newer version.

3) Audit trail - I read that the secured documents will be kept in track always (i.e) whatever action is done on the document will be logged in server. Does it mean that the reader will keep on sending information to server? What will be the case if the user if offline?

ANSWER

When a Rights Managed document is viewed "online", the audit events are sent to the RM server immediately.  If the policy allows for "Offline" access, and the document is being viewed offline, then the audit events are stored locally on the client system.  When a connection is establised in the future, the "offline" audit events are sent to the RM server.

4) I read that the supported formats are Ms word, excel, etc... Should all these formats be converted to pdf before applying security policy? If not, will Microsoft Office contact the Rights Management Server for applying policies?

ANSWER

The native Office formats can be RM proitected, there is no need to convert to PDF first.  There is a free plugin for MS Office (available for download from Adobe.com) that enables the various office products to apply policies to the Office documents.

5) User is Offline - I read that whenever a policy is applied to a document, the document key will be encrypted and when the user is opening the document, the server will provide the document key for decryption. How this case will happen when the user is offline?

ANSWER:

When a document has been protected with a policy that allows that user to view the document offline, the "document encryption key" is itself encrypted with a "Principal Key (256 bit AES), and embedded in the PDF.  The Principal Key is downloaded to the client machine and stored in Acrobat\Readers microsafe (an encrypted local data store).  When the user opens the PDF offline, the Principal Key is accessed from the microsafe, it is used to decrypt the document key, and the document key is in turn used to decrypt the document.

Regards

Steve

Avatar

Level 2

Thanks for the valuable information steve. It was really helpful.

I accept your answer for my first question. (i.e)

1) Will all the readers be connected to Rights Management Server. (I saw all the policies listed out in 'Manage Security Policies' in a example demo). How this is happening?

ANSWER:  Reader does not require any configuration to "connect" it to a particular Rights Management server.  A rights managed PDF contains the

"Base URL" of the RM server that was used to protect the PDF.  This url lets Reader connect to the correct RM server.

I believe the above answer applies to already protected pdf's.

  • How all the policies are listed out in reader for applying policies?
  • Will all the users be able to see the policies created by the administrator?
  • Can a end user apply policies to a document through adobe reader/professional? How his reader will communicate with the server?

Avatar

Level 9

I believe the above answer applies to already protected pdf's.

  • How all the policies are listed out in reader for applying policies?

ANSWER:  You cannot apply a policy to a PDF using Reader, you can only view policy protected PDFs.

  • Will all the users be able to see the policies created by the administrator?

ANSWER: Users that have been given the "Document Publisher" permission in a Policy Set will be able to see and apply the policy or policies that are in the policy set (assuming Acrobat Standard or Professional is configured to communicate with the Rights Management server, this configuration is found under the menu Advanced > Security Settings > Adobe LiveCycle Rights Management Servers)

  • Can a end user apply policies to a document through adobe reader/professional? How his reader will communicate with the server?

ANSWER:  Reader cannot be used to apply a policy to a PDF, Acrobat Standard or Professional can be used to apply policies.  Reader knows which RM server to contact when opening a RM protected document because the Base URL of the RM server that contains the policy information is embedded in the PDF.

Regards

Steve