Information Rights Management with SharePoint

Information Rights Management (IRM) provides an additional layer of content security over that provided by more traditional access control lists (ACLs). IRM establishes usage limitations on a file rather than limiting access. For example, you may grant a user access to a file but you may not want them to change the file on the client computer or forward it to someone else. IRM provides this additional level of security.

Implementing IRM security in SharePoint Products and Technologies requires additional software that is not shipped with either Windows SharePoint Server 3.0 or Office SharePoint Server 2007. You must install the Microsoft Windows Rights Management Services Client, version 1, on every Web front-end server in your server farm. In addition,Microsoft Windows Rights Management Services (RMS) for Microsoft Windows Server® 2003, service pack 1.0 or later, must be available on your network.

You can implement IRM on document libraries. When IRM is enabled on a document library, and a document of a type that can be rights-managed is downloaded from the server to a client application, the SharePoint Products and Technologies server encrypts the document and adds an issuance license. When the document is uploaded back to the server, the SharePoint Products and Technologies server decrypts the file and stores it in the library in unencrypted form, as content is not encrypted in the SQL Server database. This enables features such as search and indexing to operate as usual on the files in the IRM-protected document library. The IRM permissions that are applied to a document when users upload it to a document library are based on each user's permissions for the content in the SharePoint Products and Technologies server security settings.

Microsoft Windows SharePoint Services 3.0 does not have the Microsoft® Office protector files that are required to automatically rights-protect a document when it is uploaded. You must use Office SharePoint Server 2007 to do this.