The View permission allows users to open or access a protected file. Users cannot open the file without having the View right. Any user who has access to a file will always have the View permission on it.
The Lite Viewer permission allows you to open a protected file using
If Seclore Lite is installed, the Lite Viewer permission allows the recipient to do everything controlled by the Screen Capture permission (e.g. take screen captures), even if they does not have the Screen Capture permission on the open file. Any recipient with the Lite Viewer permission on the file can perform the following actions on it:
The Edit permission allows users to edit the contents of a file.
With the Edit permission, users may use the Save or Save As options to save the edited file. If they use the Save As option to save the file with a different name or format (extension), the new file will be saved with the same access permissions as the original one.
The Copy data permission allows users to copy content from one protected file to another protected file only.
Copy data does not control the copy and paste of content within the same file itself. To move or copy content within the file and then save changes, Edit permission is needed.
The Copy Data permission does not allow users to copy content from a protected file to an unprotected file, as that would result in a security breach. To copy data to an unprotected file, one needs to unprotect the file first, which can be done only by owners and users with Full control permission.
To prevent security breaches, certain restrictions have been placed for copying data outside a protected file. Users will be allowed to copy content under this permission only if the following conditions are met:
Copying data is allowed since the rights on the source file are the same as the rights on the destination file.
Copying data is allowed since the rights on the destination file are less than the rights on the source file.
Copying is not allowed since the rights on the destination file are more than the rights on the source file. This action would result in data moving from a more secure location to a less secure location.
The Print permission allows users to take hard-copy printouts of the file.
It is possible to provide Print permission to users without the Edit permission.
The Print permission does not allow the user to Print to PDF.
The Screen Capture permission allows users to
If even one file without the Screen Capture permission is open on the desktop, Screen capture functionality will be disabled universally i.e. for all open files. To be able to take screen captures one needs Screen Capture rights on all open files - even the ones that are minimized.
The Macro permission will allow the user to view, edit and execute macros (programs) in MSOffice and OpenOffice files
If a protected file has a macro (i.e. it is macro-enabled) it will open only if you have Macro rights on it. Without Macro rights, the file will not open at all.
Giving a user the Macro permission means giving him/her full ‘programmatic’ access to the content in the file. In general, the content in a macro-enabled file is vulnerable to any malicious scripts or programs that have access to this content.
The Full Control permission allows users to unprotect a file and also includes other permissions such as View, Edit, Print, Copy Data, Screen Capture and Macro.
As this permission gives the user the power to remove all protection from a file, it should be given with extreme caution.
Once a file is unprotected, content can be freely copied out of the file and the file itself can be distributed freely to anyone.
While most of the privileges of a file owner are also available to a user with Full Control permissions, there are a few differences between the two:
|
Operation |
File Owner |
User with Full Control rights |
|
Change the access rights (policies) on a file |
Yes |
No |
|
View the activity logs of a file |
Yes |
No |
|
Requires a protector license |
Yes |
No |
The Offline permission allows users to open and work on a file without being connected to the Policy Server.
What “Offline” means
In Seclore Rights Management, being offline means not being connected to the Seclore Policy Server - you may or may not be connected to the internet or your corporate network.
If you are able to connect to the internet but are unable to connect to the policy server, contact your local administrator.
Similarly, the state of being connected to the Seclore policy server is known as being 'online', regardless of whether you are connected to the internet or your corporate network.
Whenever a protected file is open it will always attempt to connect to the policy server to get your latest updated rights on the protected file. If it is not able to connect to the policy server, the file will open only if users have offline rights.
Offline permission is required for a file to be saved on the local machine, so that it can be used when the policy server cannot be contacted. These offline permissions are saved when the file is opened on your computer for the first time in online mode (i.e. connected to the policy server). Here’s a how it works:
When you subsequently open the file in offline mode, the file opens and is subject to the saved offline access permissions that were fetched from the server.
The offline permissions will work only after the file is opened in online mode at least once.
In offline mode, the permissions are enforced exactly as they are in online mode i.e. if you do not have Print rights, you will not be allowed to print the file.
Whenever the file is opened in online mode, the latest permissions will be saved on your computer. The latest rights are enforced whenever the file is opened next in offline mode.
Offline mode is not available for iOS devices (iPad, iPhone).
It is possible to provide different permissions for online and offline mode.
For example, users may be given View, Edit and Print, and Screen Capture permissions in Online mode, but only View and Screen Capture permissions in offline mode.
The offline permissions are not available indefinitely, but only for a limited period of time - known as the 'Offline period'. This period is the same for all users in your organization.
Once a file is opened online it can be used offline for the duration of the Offline period only. When the file is opened again in online mode after the offline period has elapsed, the offline period will restart from that day.
Share permission allows users to give permissions to others.
The user who is assigned this permission is known as the 'Sharer'. The sharer can now give (or 'share') permissions to other users by adding one or more additional policies to the file.
This sharing of permissions is subject to certain conditions. The sharer can give (or 'share') only those permissions that they have on a file. For example, if a user has the View, Edit, Print, and Share permissions on a file, they can share only those permissions to another user, and not, any permission other than that.
Note that the Share permission itself cannot be shared.
Say the owner (user A) of a protected file gives the View, Edit, Print, and Share permissions to a user B. B then shares a few permissions to another user C.
All actions performed on a file will be logged as usual, including the action of conferring permissions to other users under the Share permission. In the scenario above, all the permissions that B shares to C will be logged, along with all the activity that B and C perform on the file.