Partager via


Usage restriction reference

Usage restrictions are defined by the constants listed in this topic.

Each user right, listed in the AD RMS right column, has a description, an enforcement point, and suggested methods for enforcement.

AD RMS right/description How to enforce
IPC_GENERIC_ALL
Grants all rights to the user.
Common enforcement points:
None
This right is used by the system and generally should not be checked directly.
[IpcAccessCheck](ipcaccesscheck.md) uses this right to determine whether to grant the user other rights as in this example.
C++
// fAccessGranted is set to TRUE if either the IPC_GENERIC_WRITE
// or the IPC_GENERIC_ALL right is granted
IpcAccessCheck(hKey, IPC_GENERIC_WRITE, &fAccessGranted);

IPC_GENERIC_READ

The right to read document contents.

Common enforcement points:

Document load

Don't load or present document contents

IPC_GENERIC_WRITE

The right to edit document contents.

Common enforcement points:

Document modification

Make any UI controls that can be used to modify document contents non-editable.

Disable any menu items that trigger document changes. Edit > Cut, Edit > Paste, and Insert are typical examples.

Disable any shortcut menu items that trigger document changes.

No AD RMS right

No description

Common enforcement points:

Save

Disable the File > Save menu.

[!Note]
This right does not control File > Save As because that right does not represent a change to the original document.

Disable any keyboard shortcut that can be used to trigger a save (for example, Ctrl+S).

[!Tip]
A best practice is to update your core File > Save code to fail if the user doesn't have this right. This acts as a safety net if you miss any UX mechanisms that can be used to trigger a save.

IPC_GENERIC_EXTRACT

The right to extract content from a protected format and place it in an unprotected format.

Common enforcement points:

Copy-to-clipboard

Disable the Edit > Copy menu. Disable the Edit > Cut menu.

Disable Copy and Cut from any shortcut menus.

Disable any keyboard shortcut that can be used to trigger a copy (for example, Ctrl+C or Ctrl+X).

Update window message handlers for [WM_COPY](/windows/win32/dataxchg/wm-copy) and [WM_CUT](/windows/win32/dataxchg/wm-cut) to reject copying of data if the user does not have this right. If the window is using the default Windows-provided message handler, subclass this window and provide your own handlers for WM_COPY and WM_CUT.

No AD RMS right

No description

Common enforcement points:

Save As

In your Save As dialog box, disable any file formats that would result in the document being saved without RMS protection.

No AD RMS right

No description

Common enforcement points:

Alt+PrtScn

Call [IpcProtectWindow](ipcprotectwindow.md) on any windows that render document contents.

IPC_GENERIC_EXPORT

The right to extract content from a protected format and place it in a different AD RMS-protected format.

Common enforcement points:

Save As

In your Save As dialog box, disable the ability to save to any other file formats.

[!Tip]
A best practice is to update your core File > Save As code to fail if the user attempts to save this file to a different format and doesn't have this right. This acts as a safety net if you miss any UX mechanisms that can be used to trigger a save as.

IPC_GENERIC_PRINT

The right to print document contents.

Common enforcement points:

Print

Disable the File > Print menu.

Disable any keyboard shortcut that could be used to trigger a print (for example, Ctrl+P).

Disable shortcut menu items that could be used to trigger a print.

[!Tip]
A best practice is to update your core File > Print code to fail if the user doesn't have this right. This acts as a safety net if you miss any UX mechanisms that can be used to trigger a print.

IPC_GENERIC_COMMENT

Some applications support the ability to add comments and annotations to the document without updating core document contents.

This right grants the user access to this capability.

Common enforcement points:

Review > Insert comment

Review > Delete Comment

Disable any menu items that can be used to modify document comments or annotations. Review > Insert comment and Review > Delete Comment are examples.

Disable any keyboard shortcut that could trigger modification of document comments.

[!Note]
A default implementation requires both IPC_GENERIC_COMMENT and IPC_GENERIC_WRITE to persist new comments to a file. Applications may choose to add support for the case where the IPC_GENERIC_COMMENT right is granted and the IPC_GENERIC_WRITE right is not. In this case, it is permitted to allow Save, as long as document modifications are restricted to comments only.

IPC_VIEW_RIGHTS

No description

Common enforcement points:

N/A

Enforced by the system. The system will not allow the developer to query the [user rights list](ipc-user-rights-list.md) from a license unless this right is granted.

IPC_EDIT_RIGHTS

Some applications allow users to modify the set of users and rights for AD RMS-protected content.

This right grants the user access to this capability.

Common enforcement points:

Application rights editing UI control

Disable user access to any UI that can be used to edit the RMS policy for a document.