Rights

  • Article

[The AD RMS SDK leveraging functionality exposed by the client in Msdrm.dll is available for use in Windows Server 2008, Windows Vista, Windows Server 2008 R2, Windows 7, Windows Server 2012, and Windows 8. It may be altered or unavailable in subsequent versions. Instead, use Active Directory Rights Management Services SDK 2.1, which leverages functionality exposed by the client in Msipc.dll.]

Client and server licensor certificates and end-user licenses use the eXtensible rights Markup Language (XrML) version 1.2 RIGHTSLIST element to specify the rights they grant to a user. Licensor certificates contain only the issue right. End user licenses can include multiple rights.

The following example shows a RIGHTSLIST element for a server licensor certificate. The ISSUE right contains a CONDITIONLIST element which in turn contains an ACCESS condition that specifies the principal ID and a TIME condition that specifies the time period during which the principal can issue issuance licenses.

<RIGHTSGROUP name="Main-Rights">
  <RIGHTSLIST>
    <RIGHT name="ISSUE">
      <CONDITIONLIST>
        <ACCESS>
          <PRINCIPAL internal-id="1">
            <ENABLINGBITS type="sealed- key">
              <VALUE encoding="base64" size="2560">
                   43g3IPo9Qv9YCutZ
                   tTP8zTk+S0t7jCvnibhivl04ecwpp9Up/X0KwjCU+E
                   Efd+JvrBo3piLasy3bY2aIV/v+vryiXeLHkLJZbJD4E
                   YvQHvic6PZIOMEGs8PltbROuMxNkRwmYlBmkQl4
                   oCFW7B08a0QNNYIkX7G9N1L0A5z6AhjnvOYALyp
                   K3+lpQ33dE3SmJTOaOPGqHXRTXXeqA4mq/hEHPK
                   2E8iPv8xPP01QyJxpkUtyW2TdzCyz7x25yVYofviuw
                   Gs3hMW7lkIiMGVnxG7Wpt+nD83YWm=
              </VALUE>
            </ENABLINGBITS>
          </PRINCIPAL>
        </ACCESS>
        <TIME>
          <RANGETIME>
            <FROM>2008-01-01T00:00</FROM>
            <UNTIL>2009-01-01T00:00</UNTIL>
          </RANGETIME>
        </TIME>
      </CONDITIONLIST>
    </RIGHT>
  </RIGHTSLIST>
</RIGHTSGROUP>

End-user licenses also use the RIGHTSLIST element but can include multiple predefined and custom rights for publishing and consuming content. The following rights are typical.

Right Type Meaning
DOCEDIT Custom Edit the content.
EDIT Predefined Save the content.
EXPORT Predefined Save the content under a different file name (Save As). Note that, depending on the application, the file might be saved without protection.
EXTRACT Predefined Extract the unencrypted content.
FORWARD Custom Forward the content.
OWNER Custom Grant full control.
PRINT Predefined Print the content.
REPLY Custom Reply to the sender.
REPLYALL Custom Reply to all parties listed.
VIEW Predefined View the content.
VIEWRIGHTSDATA Custom View the available rights.

 

AD RMS Concepts