9 Oracle IRM Desktop Reference

9.1 List of Oracle IRM Fields


The fields listed in this section are for use only with content sealed against 11g versions of Oracle IRM Server. For content sealed against 10g versions of Oracle IRM Server, fields must continue to be inserted as described in the 10g user documentation. The former SealedMedia_ and OracleIRM_ name prefixes will continue to be recognized for the foreseeable future for use with 10g content.

The Oracle IRM solution supports a number of fields that you can add to documents before sealing them. When Oracle IRM Desktop opens a document that contains an Oracle IRM field, it transforms the field into the relevant item of information. A document can contain many Oracle IRM fields.

Typically, the following two fields provide a sufficient reminder of the sensitive nature of a document, and identify the user responsible for opening a specific copy:

  • irm-account-name

  • irm-classification-name

The complete list of Oracle IRM fields that you can consider using is as follows:

  • irm-time

    All fields that end with -time will show Coordinated Universal Time (UTC).

  • irm-time-local

    All fields that end with -time-local will show the local time, with the number of hours ahead or behind UTC included in parentheses.

  • irm-locale

  • irm-location

  • irm-mime

  • irm-extension

  • irm-account-uuid

  • irm-account-name

  • irm-creation-time

  • irm-creation-time-local

  • irm-edit-time

  • irm-edit-time-local

  • irm-schema-version

  • irm-classification-name

  • irm-classification-description

  • irm-classification-xml

  • irm-classification-keyset

  • irm-classification-system

  • irm-classification-time

  • irm-classification-time-local

  • irm-classification-uri

  • irm-host

  • irm-context-itemcode-value

  • irm-context-itemcode-time

  • irm-context-itemcode-time-local

  • irm-context-uuid

9.2 Frequently Asked Questions

I have been prompted to log in manually, and I have forgotten my credentials. What do I do?

If you have access to a password reset page, browse to that page and use it to reset your password. Otherwise, contact an Oracle IRM Server administrator for assistance.

I have logged in successfully but Oracle IRM Desktop says I do not have the rights to access a document. What do I do?

Oracle IRM Desktop usually redirects you to a web page that provides contact details for the person who can give you the rights you need. Contact that person and explain which document you are trying to open, and why you need access to it. They will decide whether it is appropriate to give you any rights.

If you see a message saying that your rights are already checked out to another computer, you need to check in your rights from that computer, or wait for the rights to expire.

When I log in I get a "Cannot connect to server" message. What do I do?

If you cannot connect to the server (Oracle IRM Server), there may be a problem with your network connection. If you connect to the Internet from a corporate network, you may need assistance from your network administrator to resolve the problem. Use the Oracle IRM Server Connection Test dialog to diagnose the problem. (Open this dialog from the Test link on the page that reported the error.)

If you see this message for only some documents, but can open others, then it is possible that you are being served by multiple Oracle IRM servers, one of which is temporarily unavailable.

I had a sealed document open and it just disappeared. What's happened?

Your rights have expired and you have been redirected to a web page.

If you are working offline, then go online and try to open the document again. It is possible that your locally cached rights have expired and that more rights can be obtained as soon as you go online.

If your rights have expired permanently, then the web page should provide contact details for the administrators who are authorized to grant you more rights.

If you were editing a sealed document online when your rights expired or were revoked, you will lose any unsaved changes. If your rights were downgraded, or if your locally cached rights expired, you are given an opportunity to save changes.

I am no longer able to edit the document I am working with. What's happened?

This is rare, but it is possible that your rights have been reduced since you started working on the document. If you think this might be the case, contact the owner of the context to which the document is sealed.

I have two sealed documents from the same originator, but I can access only one of them. Why?

It is quite usual for documents to be sealed to different contexts even if they come from the same originator. For example, you might receive documents sealed to a "Company Confidential" context and others sealed to a "Board Matters" context. It is likely that your rights for these two contexts will be different, such that you can only open one, or you can open them both, but edit only one.

Why has my account been locked out?

As a security measure, the Oracle IRM Server administrator has configured an account lock-out policy that prevents anyone from trying to guess passwords. If your account has been locked out, it is possible that someone else has been trying to log in using your account. Depending on the lock-out policy, your account might become accessible again after a short period, or might need to be manually reset. Contact your Oracle IRM Server administrator for further information.

Why can't I work with sealed Microsoft Office documents in the same way I work with normal ones?

The purpose of sealing documents is to control who has access, and who has edit rights. Edit rights are fine-grained, so you might find that you cannot use all of the Microsoft Office features you are familiar with. For example, you might find that you cannot print a sealed document, or that you are prevented from pasting information from one sealed document to another, or that the track changes option is always on.

Oracle IRM's goal is that using sealed documents should be very similar to using unsealed documents, if you have the necessary set of rights. Where rights are granted, you should be able to do what you usually do in most cases. In some cases, the need to protect a document might mean that options you are familiar with need to be disabled because they provide security loopholes.

How do I seal email messages and threads?

See Section 5, "Using Sealed Email". To use sealed email to full advantage, you need to enable email integration in Oracle IRM Desktop.

How do I add distinctive watermarks and headers and footers to sealed documents?

See Section 6, "Working With Oracle IRM Fields and Watermarks".

How do I save changes I have made to VB code in a sealed document?

To maintain the security of the VB code, it is not possible to save your VB code changes directly in the sealed document.

Use the following procedure to save changes that you have made to VB code in a sealed document:

  1. Select the container document for the VB code document that you have changed.

  2. Select Save in the container document.

How does Oracle IRM handle and protect objects embedded in sealed Microsoft Office documents?

You can seal a Microsoft Office document that already contains an embedded object, but not insert a new object into an existing sealed document. If an object was present in the document before it was sealed, Oracle IRM prevents the object from being edited. This does not apply to the data in charts (within chart objects), which is protected by Oracle IRM. Chart objects can be inserted into Microsoft Office documents, and full interaction with them is allowed.

Data stored as part of the embedded object inside a sealed file is fully protected by Oracle IRM. However, if the embedded object references external data (that is, data external to the sealed file, such as data in a database or in external files), Oracle IRM protects access to that data only from within the sealed file. You must provide alternative methods of protecting the data against access by other routes.

9.3 Troubleshooting

9.3.1 Proxy Issues

Oracle IRM Desktop needs to be able to communicate with a rights server (Oracle IRM Server) so that you can open sealed documents.

Oracle IRM Desktop communicates with 10g versions of Oracle IRM Server using a secure, encrypted variant of the HTTP protocol used by web browsers. Your network configuration might prevent this protocol from reaching Oracle IRM Server. For 11g versions of Oracle IRM Server, standardized HTTPS communications are used.

There are two types of network configuration that can cause problems:

  • Proxy servers

    Your network might require Oracle IRM Desktop communications to pass through a specific computer, known as a proxy server. If so, then your browser also needs to use a proxy server, and should already have the required proxy server settings. Oracle IRM Desktop uses the same settings, so proxy servers should not cause problems.

    However, if your Oracle IRM Desktop is failing to communicate with Oracle IRM Server, and Oracle IRM Desktop tests report that there is a proxy server, report the problem to your network administrator.

    The use of proxy servers with indexed search integration will be problematic and is not advised.

  • Firewalls

    A firewall monitors all communications between your local network and remote networks, and prevents any communications that it considers a security risk. Oracle IRM Desktop uses a standard web browsing protocol. If your firewall allows you to browse the world wide web, you should also be able to communicate with Oracle IRM Server.

    If browsing the web is not permitted, you need to talk to your network administrator to arrange to allow communications to Oracle IRM Server. The firewall needs to allow outbound connections to the Oracle IRM Server address and port, and allow responses to such connections.

    You can use the Oracle IRM Desktop test facility to find out what address and port Oracle IRM Desktop is trying to contact, and then configure the firewall to allow the communication to succeed.

9.3.2 Sealed Documents Block Screen Captures

If you attempt to make a screen capture when a sealed document is on screen, the captured image often shows the sealed document in the foreground even though the sealed document is really in the background. This can mean that the application you were trying to capture is hidden.

This is intended behavior that prevents sealed documents being captured through transparent foreground applications. See Section 4.9, "Screen Capturing Sealed Documents".

9.4 Formats

Sealed documents have file icons and extensions that are slightly different to their unsealed counterparts. The table below shows the icons and extensions for the supported types of sealed document.

File icon            Unsealed extension  Sealed extension  Sealed MIME type
File icon for spdf   pdf                 spdf              application/vnd.sealedmedia.softseal.pdf
File icon for stml   html | htm          stml              application/vnd.sealedmedia.softseal.html
File icon for spng   png                 spng              image/vnd.sealed.png
File icon for sgif   gif                 sgif              image/vnd.sealedmedia.softseal.gif
File icon for sjpg   jpeg | jpg          sjpg              image/vnd.sealedmedia.softseal.jpeg
File icon for sdoc   doc                 sdoc              application/vnd.sealed.doc
File icon for sppt   ppt                 sppt              application/vnd.sealed.ppt
File icon for sxls   xls                 sxls              application/vnd.sealed.xls
File icon for sdot   dot                 sdot              application/vnd.sealed.template
File icon for sxlt   xlt                 sxlt              application/vnd.sealed.template
File icon for spot   pot                 spot              application/vnd.sealed.template
File icon for docx   docx                sdocx             application/vnd.sealed.docx
File icon for sdocm  docm                sdocm             application/vnd.sealed.docm
File icon for sdotx  dotx                sdotx             application/vnd.sealed.dotx
File icon for sdotm  dotm                sdotm             application/vnd.sealed.dotm
File icon for spptx  pptx                spptx             application/vnd.sealed.pptx
File icon for spptm  pptm                spptm             application/vnd.sealed.pptm
File icon for spotx  potx                spotx             application/vnd.sealed.potx
File icon for spotm  potm                spotm             application/vnd.sealed.potm
File icon for sxlsx  xlsx                sxlsx             application/vnd.sealed.xlsx
File icon for sxlsm  xlsm                sxlsm             application/vnd.sealed.xlsm
File icon for sxltx  xltx                sxltx             application/vnd.sealed.xltx
File icon for sxltm  xltm                sxltm             application/vnd.sealed.xltm
File icon for smov   mov                 smov              video/vnd.sealedmedia.softseal.mov
File icon for smp1   mpeg | mpg          smp1              video/vnd.sealed.mpeg1
File icon for smp4   mp4                 smp4              video/vnd.sealed.mpeg4
File icon for sxml   xml                 sxml              application/vnd.sealed.xml
File icon for stxt   txt                 stxt              application/vnd.sealed.txt
File icon for srtf   rtf                 srtf              application/vnd.sealed.rtf
File icon for scsv   csv                 scsv              application/vnd.sealed.csv
File icon for seml   doc                 seml              application/vnd.sealed.eml.doc
File icon for seml   rtf                 seml              application/vnd.sealed.eml.rtf
File icon for seml   txt                 seml              application/vnd.sealed.eml.txt

9.5 Registry Key Information

This information is useful to administrators who want to use group policy to prevent users from changing Oracle IRM Desktop configuration settings. See Section 1.6, "Registry Key Policy Setting".

Oracle IRM Desktop Settings

See Section 1.5.2, "Oracle IRM Desktop Settings" for possible values for these properties (and other related information).

Value name             Sub key path  Type
ShowTrayIcon           \Unsealer\    DWORD
HideIEToolbars         \Unsealer\    DWORD
OfficeEnabled          \Unsealer\    DWORD
ShowIrmBar             \Unsealer\    DWORD
AllowOnlineStatusPage  \Unsealer\    DWORD
OpenCSVPolicy          \Unsealer\    DWORD

Desktop Sealing Settings

See Section 1.5.3, "Desktop Sealing Settings" for possible values for these properties (and other related information).

Value name             Sub key path           Type
Activated              \DesktopSealer\        DWORD
DeleteSourceFiles      \DesktopSealer\        DWORD
ClassificationMruSize  \DesktopSealer\Recent  DWORD
OpenNewSealedFile      \DesktopSealer\        DWORD

Synchronization Manager Settings

See Section 1.5.4, "Synchronization Manager Settings" for possible values for these properties (and other related information).

Value name       Sub key path          Type
InitialServers   \Sync\InitialServers  STRINGs
LockedServers    \Sync\LockedServers   STRINGs
AutoSyncEnabled  \Sync\                DWORD
DefaultRetry     \Sync\                STRING
DefaultCatchup   \Sync\                STRING
LogLevel         \Sync\                DWORD
ShowSuccessInfo  \Sync\                DWORD
ShowFailureInfo  \Sync\                DWORD

Search Settings

See Section 1.5.5, "Search Settings" for possible values for these properties (and other related information).

Value name         Sub key path  Type
Enabled            \Search\      DWORD
ReportErrors       \Search\      DWORD
ReportWarnings     \Search\      DWORD
ReportInformation  \Search\      DWORD

Email Settings

See Section 1.5.6, "Email Settings" for possible values for these properties (and other related information).

Value name                     Sub key path               Type
OutlookActivated               \Email\                    DWORD
GroupWiseActivated             \Email\                    DWORD
DisplayCloseSEMLWarning        \Email\                    DWORD
DisplaySendAttachmentsWarning  \Email\                    DWORD
DisplayInvalidFormatWarning    \Email\                    DWORD
BodyFile                       \Email\Options\Body        STRING
EmailBodyType                  \Email\Options\Body        DWORD
PlainTextBody                  \Email\Options\Body        STRING
IndentReply                    \Email\Options\Reply       DWORD
FontCharSet                    \Email\Options\Reply\Font  DWORD
FontEffects                    \Email\Options\Reply\Font  DWORD
FontFaceName                   \Email\Options\Reply\Font  STRING
FontHeight                     \Email\Options\Reply\Font  DWORD
FontMask                       \Email\Options\Reply\Font  DWORD
FontOffset                     \Email\Options\Reply\Font  DWORD
FontPitchAndFamily             \Email\Options\Reply\Font  DWORD
FontTextColor                  \Email\Options\Reply\Font  DWORD
SealedEmailFormat              \Email\Options\SealFormat  DWORD
SignatureOnNew                 \Email\Options\Signature   DWORD
SignatureOnReply               \Email\Options\Signature   DWORD
UseCustomTemplate              \Email\Options\Template    DWORD
TemplateFile                   \Email\Options\Template    STRING

Authentication Settings

See Section 1.5.7, "Authentication Settings" for possible values for these properties (and other related information).

Value name                   Sub key path      Type
DisableSaveCredentials       \Authentication\  DWORD
SuppressPrivacyPolicyDialog  \Authentication\  DWORD

Legacy Settings

See Section 1.5.8, "Legacy Setting" for possible values for these properties (and other related information).

Value name              Sub key path  Type
ShowAuthenticationMenu  \Legacy\      DWORD
DataDirectory           \Legacy\      STRING

Local Data Clean-Up Settings

See Section 1.5.9, "Local Data Clean-Up Setting" for possible values for these properties (and other related information).

Value name        Sub key path  Type
Clean             \LocalData\   DWORD
CleanCurrentUser  \LocalData\   DWORD
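
The following is an added example, not part of Oracle's documentation: a Python check that compares a registry export (.reg text) against a subset of the value names and types in the tables above, so an administrator can confirm that a policy rollout set the values it was meant to set. The root key ROOT and the value name NotInTable are placeholders, because this page gives only sub key paths; the data values themselves are not checked, since their allowed values are listed in Section 1.5 rather than here.

```python
import re
# Placeholder: the page gives only sub key paths, not the root key they sit under.
ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\PLACEHOLDER-IRM-DESKTOP-ROOT"

# (sub key path, value name) -> type, a subset copied from the tables above.
EXPECTED = {
    ("Authentication", "DisableSaveCredentials"): "DWORD",
    ("Authentication", "SuppressPrivacyPolicyDialog"): "DWORD",
    ("Sync", "AutoSyncEnabled"): "DWORD",
    ("Sync", "DefaultRetry"): "STRING",
    ("LocalData", "Clean"): "DWORD",
}

def parse_reg(text, root=ROOT):
    """Map (subkey, name), lower-cased, to the value type for keys under root."""
    found, subkey = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1].lower()  # registry key names are case-insensitive
            subkey = path[len(root) + 1:] if path.startswith(root.lower() + "\\") else None
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and subkey is not None:  # values outside ROOT are ignored
            data = m.group(2)
            kind = "DWORD" if data.startswith("dword:") else "STRING" if data.startswith('"') else "OTHER"
            found[(subkey, m.group(1).lower())] = kind
    return found

def audit(text, expected=EXPECTED):
    """Return (issue, subkey, name) tuples: missing, wrong-type or unlisted values."""
    found = parse_reg(text)
    wanted = {(s.lower(), n.lower()): (s, n, t) for (s, n), t in expected.items()}
    issues = []
    for key, (s, n, t) in sorted(wanted.items()):
        if key not in found:
            issues.append(("missing", s, n))
        elif found[key] != t:
            issues.append(("wrong-type", s, n))
    return issues + [("unlisted", *k) for k in sorted(found) if k not in wanted]

# Constructed .reg export; "NotInTable" is a made-up name, data values are arbitrary.
SAMPLE = rf'''Windows Registry Editor Version 5.00
[{ROOT}\Authentication]
"DisableSaveCredentials"=dword:00000001
[{ROOT}\Sync]
"AutoSyncEnabled"="1"
"DefaultRetry"="constructed"
"NotInTable"=dword:00000001
'''
```

Calling audit(SAMPLE) reports the two values absent from the export, the AutoSyncEnabled value stored as a string where the table lists DWORD, and the one value name that the tables do not list.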