49 Oracle Information Rights Management

This chapter describes issues associated with Oracle IRM Server and Oracle IRM Desktop, together known as 'Oracle IRM'. Unless otherwise stated, the version of Oracle IRM to which these release notes apply is 11.1.1.3.0 (incorporating version 11.1.20 of Oracle IRM Desktop).

This chapter includes the following topics:

49.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

49.1.1 Renamed Contexts, Roles, and Context Templates are Not Listed Correctly

When a Context, Role or Context Template is renamed, the new name will not immediately be reflected in the list in the left panel of the Oracle IRM Server Management Console.

To see the new name listed correctly, the user must click the Refresh button at the top of the list.

It is particularly important to do this if the name change has resulted in the order of the list changing. This is because, without refreshing the list, the user may appear to be viewing or editing the wrong item.

49.1.2 Some Adobe Reader Buttons Do Not Function

To protect the security of sealed PDF documents, the following Adobe Reader buttons do not function:

  • Email

  • Collaborate

  • Create PDF using Acrobat.com

If you click these buttons, you will see a message that the associated function is unavailable.

All other Adobe Reader controls are available if you have sufficient rights. If you do not have sufficient rights, you will see a message when you attempt to use the control.

A further restriction applies to controls added to the Adobe Reader interface by users when they have a sealed PDF document open: the added control will be inactive until Adobe Reader is closed and reopened.

49.1.3 Selecting Oracle IRM Menu Items on the Control Console Using IE8

If you are using Microsoft Internet Explorer 8 to access the Oracle IRM pages on the Oracle Fusion Middleware Control Console, you may find that menu item selection highlighting does not behave as expected. The correct item will be used when clicking, but a different entry (or none at all) may be indicated as being selected.

49.1.4 Support for Microsoft Windows 2000 Has Been Removed

Oracle IRM no longer supports the Microsoft Windows 2000 operating system.

49.1.5 Unreadable Error Message Text When Client and Server Locales are Different

Error messages are sent to the client (Oracle IRM Desktop) in the language of the server (Oracle IRM Server). Therefore, if the locale of the server is different to the locale of the client, the error code may be rendered in garbage characters. The error code remains readable, and can be provided to support services as necessary.

49.1.6 Changes Lost if Tab Changed Before Applying the Apply Button

On the Oracle IRM Server Management Console, if you make changes on a tabbed page that has an Apply button, and then move to another tab without using the Apply button, the changes will be lost. You will not be prompted to save the changes that you made.

49.1.7 Some File Formats are Not Supported When Using the Microsoft Office 2007 Compatibility Pack with Microsoft Office 2003

The following Microsoft PowerPoint and Microsoft Excel formats are not supported for sealing when using the Office 2007 Compatibility Pack with Office 2003 and earlier: SPOTM, SPOTX, SPPTM, SPPTX, SXLSX, and SXLTX. For these applications, use other file formats that are supported for sealing.

49.1.8 Microsoft Word May Hang if a Sealed Email is Open During Manual Rights Check-In

In Oracle IRM Desktop, if you attempt to check in your rights while a sealed email is open in Microsoft Word, Microsoft Word may hang. It is recommended that you do not check in your rights while a sealed email is open.

49.1.9 Sealed Emails in Lotus Notes will Sometimes Show a Temporary File Name

In Lotus Notes, if a sealed email has a communication thread with multiple messages or replies, the title bar may show a temporary file name instead of the correct subject name. You may also be prompted to save changes when you have not made any. No harm should arise from these anomalies.

49.1.10 Behavior of Automatic Save and Automatic Recovery in Microsoft Office Applications

The behaviour of automatic save and automatic recovery in Microsoft Office applications is as detailed below.

Word

  • All versions: automatic save and recovery of sealed files should behave as normal, with the exception that automatic saving is blocked if the filename contains a dot that is not part of the extension (for example, my.filename.sdoc).

  • In Word 2000, automatic recovery of sealed files will prompt the user to "save as" immediately, rather than when the user clicks the Save button.

PowerPoint

  • PowerPoint XP, 2003: automatic save and recovery of sealed files should behave as normal.

  • PowerPoint 2007: the automatic saving of sealed files does not take place.

  • PowerPoint 2000: automatic save is disabled if sealed files are open, meaning that, if the system crashes, any unsaved changes to any file (sealed or original) will be lost.

Excel

  • All versions: automatically saved Excel files (.xar) will be sealed, but the recovery of these files does not happen automatically. To recover "lost" changes, users need to locate the .xar file and rename it to .sxls.

Because of these restrictions, it is recommended that you do not rely on automatic save and recovery. Instead, save your work frequently when using these applications.

49.1.11 No Support for Sealing Files of 2GB or Larger in Size in Oracle IRM Desktop

Sealing files of size 2GB or larger is not supported in the current release of Oracle IRM Desktop.

49.1.12 Inappropriate Authentication Options After Failed Login on Legacy Servers When Setting Up Search

When setting up indexed search, if you enter incorrect authentication credentials for a legacy server (for example, a 10g Oracle IRM Server) that has been set up for Windows NT authentication, the login retry dialog will show options for Windows basic authentication. You should not use Windows Authentication credentials to log in to legacy servers set up for Windows NT Authentication.

49.1.13 Opening Microsoft Excel files in Microsoft SharePoint

Sealed Microsoft Excel files cannot be opened from the Document Management pane in Microsoft SharePoint.

49.1.14 Opening Legacy Sealed Documents in Microsoft Office 2007 May Fail on First Attempt

If users attempt to open a legacy Microsoft Office 2007 document (a document sealed with an older version of Oracle IRM), and Oracle IRM Desktop has not been synchronized with the server against which the document was sealed, the attempt will fail. The sealed document will not be opened, and the user will not be prompted to authenticate against the server to which the document was sealed. A second attempt to open the sealed document should succeed, because the initial attempt should have synchronized Oracle IRM Desktop with the server. Alternatively, the user can synchronize to the server manually (using the Oracle IRM Desktop Options dialog) before opening a legacy sealed document.

49.1.15 Log Out Link Inoperative When Using OAM 11g for SSO

When using OAM (Oracle Access Management) 11g for SSO, the Log Out link on the Oracle IRM Server Management Console does not log the user out.

49.1.16 Double-byte Languages Cannot be Used for Entering Data with Legacy Servers

This release of Oracle IRM Desktop is available in many more languages than previous releases, including some double-byte languages. However, for legacy (10g) servers, as previously, data (user names, etc.) must still be entered using the 7-bit ASCII range of characters.

49.1.17 Use of SPACE Key Instead of Return Key in Oracle IRM Server

In some dialogs in the Oracle IRM Server Management Console, the Return key does not execute buttons. When this occurs, use the SPACE key instead.

49.1.18 Calendar Controls in Oracle IRM Server Not Accessible Via the Keyboard

In the Oracle IRM Server Management Console, the calendar controls are not accessible via the keyboard, and do not appear if the console is in Screen Reader mode. To enter a date using the keyboard, the date should be typed in.

49.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

49.2.1 LDAP Reassociation Fails if User and Group Names are Identical

When reassociating an LDAP identity store, the Oracle IRM process for exporting user and group information has an issue if user and group names are identical. If a user and group have identical names, the export process will lose either the user or the group details during the export step. This is because the user or group name is used as the file name, so one file overwrites the other. A post-reassociation workaround is to check user and group right assignments, and to manually reassign any that are missing.

49.2.2 Upgrading Oracle IRM Desktop From Versions Earlier Than 5.5

You can upgrade to this release from Oracle IRM Desktop version 5.5 onwards, by running the installation wizard on the computer that has the older version.

For versions earlier than 5.5, or from any version of SealedMedia Unsealer or Desktop, you can upgrade to this release only by uninstalling the older version and installing this release.

If you are upgrading to this release of Oracle IRM Desktop from a 10g release, you will lose the locally stored rights to use sealed documents (the rights that enable you to continue working when you are offline). When this happens, you will have to obtain new rights by going online and synchronizing with the server. For this reason, do not begin an upgrade unless you have online access to the server.

When upgrading on Windows Vista or Windows 7, you may encounter a file lock and be prompted to retry, ignore, or cancel. You can safely use the ignore option if this happens.

49.2.3 Synchronizing Servers After an Upgrade of Oracle IRM Desktop

If you are upgrading to this release of Oracle IRM Desktop from a 10g release, you will not be synchronized to any servers (Oracle IRM Server). This will show as a blank list on the Servers tab of the Oracle IRM Desktop Options dialog. Servers are automatically added to the list when you open sealed documents for which you have access rights. The easiest way to repopulate your list of servers is to open documents that have been sealed against servers on which you have rights.

49.2.4 Reapplying Lost Settings After an Upgrade of Oracle IRM Desktop

If you are upgrading to this release of Oracle IRM Desktop from a 10g release, your previous settings (as shown on the Oracle IRM Desktop Options dialog) are not applied to the new installation. These include support for email systems, so you should reset these before attempting to work with sealed emails in Microsoft Outlook and Lotus Notes.

49.2.5 Changing Oracle IRM Account When Authenticated Using Username and Password

Oracle IRM Desktop caches user rights in an offline database. In earlier releases, this database was shared by all users of a machine. In this release, there is one offline database per Windows user.

You are strongly advised to use only one Oracle IRM account with each Windows account.

If you authenticate to the server (Oracle IRM Server) with a username and password, you can change the account you use as follows:

  1. On the Update Rights tab of the Oracle IRM Desktop Options dialog, check in rights for all servers by clicking Check in.

  2. On the Servers tab of the Oracle IRM Desktop Options dialog, select the server to be updated and click Clear Password.

  3. Restart Windows.

  4. On the Update Rights tab of the Oracle IRM Desktop Options dialog, synchronize rights for all servers by clicking Synchronize.

Users who are automatically authenticated to the server using Windows authentication cannot change their Oracle IRM account.

Access to the offline database is protected by your Windows credentials. You are no longer required to additionally authenticate to Oracle IRM when working offline.

49.2.6 Post-Installation Steps Required for Oracle IRM Installation Against Oracle RAC

To use Oracle RAC with an Oracle IRM instance, the Oracle IRM data source needs to be altered using the WebLogic Administration Console and the following procedure:

  1. From Services, select JDBC, then select DataSources.

  2. Select the OracleIRM data source.

  3. On the Transaction tab, check Supports Global Transactions, then check Emulate Two-Phase Commit.

  4. Click Save.

This will set the global-transactions-protocol for Oracle IRM data-sources for Oracle RAC to EmulateTwoPhaseCommit.

49.2.7 Enabling Search With Sharepoint 2007

To enable searching of files with Sharepoint 2007, change the configuration as follows:

  1. Run DCOMCNFG.EXE (for example, by entering dcomcnfg into the Windows Run dialog and clicking OK).

  2. Navigate to Component Services, Computers, My Computer, DCOM Config, OracleIRMServiceHost.

  3. Right click and select Properties on OracleIRMServiceHost object.

  4. Navigate to the Security tab in the OracleIRMServiceHost Properties dialog.

  5. On the Security tab, in the Launch and Activation Permissions section, check the Customize check box and then click the Edit button

  6. In the Launch and Activation Permission dialog, click the Add button to open the user selection dialog.

  7. Add Everyone to the object names.

  8. In the Launch and Activation Permission dialog, select the Everyone group name, then check the Local Launch and Local Activation check boxes.

  9. On the Security tab, in the Access Permissions section, check the Customize check box, then click the Edit button.

  10. In the Access Permission dialog, click the Add button to open the user selection dialog.

  11. Add Everyone to the object names.

  12. In the Access Permission dialog, select the Everyone group name, then check the Local Access check box.

Follow these steps to restart the OracleIRMServiceHost service with the new DCOM settings:

  1. Start the service management console (for example, by entering services.msc into the Windows Run dialog and clicking OK).

  2. Find the OracleIRMServiceHost service in the list of services.

  3. Right-click OracleIRMServiceHost and select Restart.

49.2.8 Enabling the Oracle IRM Installation Help Page to Open in a Non-English Server Locale

Use the following procedure to enable the Oracle IRM installation help page to open in a non-English server locale:

  1. Unzip the shiphome.

  2. Extract all the non-HTM files (7 files in total) from help\en in the ecminstallhelp.jar file located in Disk1\stage\ext\jlib\

  3. Put these 7 files into the folder jar for the locale in which you will install ECM.

  4. Overwrite ecminstallhelp.jar with the modified version.

49.3 Documentation Errata

There are no known issues at this time.