RMS Rights Translation: Policy Template Rights vs Office Rights vs SharePoint Permissions
The table below describes the relationships between ADRMS rights in policy templates and Office applications. http://technet.microsoft.com/en-us/library/cc179103.aspx
| Policy Template Rights | Microsoft Office Rights |
| Full Control | Full Control (visible only in "More Options" protection dialog box) |
| View | Read |
| Edit | Change |
| Save | Change |
| Export (Save As) | (Included in Full Control) |
| Print content (visible only as checkbox in "More Options" protection dialog box; user must have at least "Read" to print) | |
| Extract | Allow users with read access to copy content (visible only as checkbox in "More Options" protection dialog box; user must have at least "Read" to copy content to the clipboard) (Included in Change) |
| Allow Macros | Access content programmatically (visible only as checkbox in "More Options" protection dialog box; results in the program getting the same rights as the user running the program, could be "Read" or "Change") |
| View Rights | (Included in Read or higher) |
| Edit Rights | (Included in Full Control) |
| Forward | Not applicable |
| Reply | Not applicable |
| Reply All | Not applicable |
The table below describes how SharePoint translates its permissions to RMS rights. http://technet.microsoft.com/en-us/library/ee259515(v=WS.10).aspx
| Policy Template Rights | Translation of SharePoint Permissions to Usage Rights |
| Full Control | Manage Permissions, Manage Web Site: will be applied via ADRMS as "Full Control" |
| View | View Items |
| Edit | Edit Items, Manage Lists, Add and Customize Pages: will be applied via ADRMS as "Edit", "Copy" ("Extract"), and "Save" |
| Save | Edit Items, Manage Lists, Add and Customize Pages: will be applied via ADRMS as "Edit", "Copy" ("Extract"), and "Save" |
| Export (Save As) | Manage Permissions, Manage Web Site: will be applied via ADRMS as "Full Control" |
| Allow users to print documents: managed at the library or list level, not on folders or individual documents (user must have at least "Read" to print) | |
| Extract | Edit Items, Manage Lists, Add and Customize Pages: will be applied via ADRMS as "Edit", "Copy" ("Extract"), and "Save" |
| Allow Macros | Allow users to access content programmatically: managed at the library or list level, not on folders or individual documents (results in the program getting the same rights as the user running the program, could be "Read" or "Change") |
| View Rights | Automatically included with any rights (results in any user with Read or higher being able to view rights) |
| Edit Rights | Manage Permissions, Manage Web Site: will be applied via ADRMS as "Full Control" |
| Forward | Not applicable |
| Reply | Not applicable |
| Reply All | Not applicable |
The table below describes how RMS rights are generally enforced. http://technet.microsoft.com/en-us/library/dd996658(v=WS.10).aspx
| Policy Template Rights | Rights Enforcement |
| Full Control | If granted, this right allows a user to exercise all rights in the license, whether or not the rights are specifically granted to that user. |
| View | If this right is granted, the ADRMS client allows protected content to be decrypted. Typically, when this right is granted, the application will allow the user to view protected content. |
| Edit | If this right is granted, the ADRMS client allows protected content to be decrypted and then reencrypted by using the same content key. Typically, when this right is granted, the application will allow the user to change protected content and then save it to the same file. This right is effectively identical to the Save right. |
| Save | If this right is granted, the ADRMS client allows protected content to be decrypted and then reencrypted by using the same content key. Typically, when this right is granted, the application will allow the user to change protected content and then save it to the same file. This right is effectively identical to the Edit right. |
| Export (Save As) | If this right is granted, the ADRMS client allows protected content to be decrypted and then optionally reencrypted by using the same content key. Typically, when this right is granted, the application will allow the user to use the “Save As” feature to save protected content to a new file. Depending on the application, the content might be saved without protection. |
| Typically, when this right is granted, the application will allow the user to print protected content. | |
| Extract | Typically, when this right is granted, the application will allow the user to copy and paste information from protected content. |
| Allow Macros | Typically, when this right is granted, the application will allow the user to run macros in the document or use an editor to modify macros in the document. |
| View Rights | If this right is granted, the ADRMS client allows a user to create a new publishing license from the existing license, but the content key is not preserved. |
| Edit Rights | If this right is granted, the ADRMS client allows a user to edit the user rights that are assigned by the license while keeping the same content key. |
| Forward | Typically, when this right is granted, the application will allow an email recipient to forward a protected message. |
| Reply | Typically, when this right is granted, the application will allow an email recipient to reply to a protected message and include a copy of the original message. |
| Reply All | Typically, when this right is granted, the application will allow an email recipient to reply to all recipients of a protected message and include a copy of the original message. |
The table below describes the permission sets in Azure RMS and which specific rights are included in that set.
| Azure RMS Permission Set | Permissions Included in the Set |
| Viewer | View, Reply, Reply All |
| Reviewer | View, Edit, Reply, Reply All, Forward |
| Co-Author | View, Edit, Copy, Print, Reply, Reply All, Forward |
| Co-Owner | [All rights] |