|Oracle® Fusion Middleware Administrator's Guide for Oracle Information Rights Management Server
Part Number E12321-01
Oracle IRM distributes rights management between centralized servers and desktop agents. Authors continue to create documents and emails in their existing document and email applications.
Oracle IRM enables documents or emails to be automatically or manually sealed at any stage in their lifecycle, using sealing tools integrated into the Windows desktop, authoring applications, email clients, and content management and collaborative repositories. Sealing wraps documents and emails within a layer of strong encryption and digital signatures, together with indelible links back to network-hosted servers (operated by the organization to which the information belongs) that store the decryption keys and associated access rights.
Sealed documents and emails can be distributed by any existing means, such as email, web, file share, etc.
Access to sealed documents or emails is governed by rights, such as the right to open a document, the right to print it, and the right to copy information from it and paste it into another document. The rights are defined and assigned centrally by administrators, who group combinations of rights and end user identities into one or more "contexts". Authors control access to their documents by selecting the most appropriate predefined context at the time they seal it. The result is that authors do not make complex rights management decisions when they seal a new document.
Rights are stored on a server, separately from sealed documents and emails, enabling them to be assigned, updated or unassigned at any time. Access to and use of a particular sealed document can change throughout its life.
To create and use sealed documents and emails within their existing desktop applications, end users must download and install a single, small, universal agent called Oracle IRM Desktop. Oracle IRM Desktop authenticates users, transparently requesting rights from the server (Oracle IRM Server), and protecting and tracking sealed documents and emails while in use within native desktop applications.
User rights and audit records are automatically synchronized between Oracle IRM Desktop and Oracle IRM Server, ensuring completely transparent offline working without sacrificing revocability or requiring end users to remember to synchronize.
Oracle IRM Desktop and Oracle IRM Server together audit all attempted and actual end user access to sealed documents or emails, and all administrative operations such as assigning or revoking rights. The Oracle IRM Server management console provides audit reporting. Audit records are stored in the Oracle IRM Server database.