Note:
The fields listed in this section are for use only with content sealed against 11g versions of Oracle IRM Server. For content sealed against 10g versions of Oracle IRM Server, fields must continue to be inserted as described in the 10g user documentation. The former SealedMedia_ and OracleIRM_ name prefixes will continue to be recognized for the foreseeable future for use with 10g content.
The Oracle IRM solution supports a number of fields that you can add to documents before sealing them. When Oracle IRM Desktop opens a document that contains an Oracle IRM field, it transforms the field into the relevant item of information. A document can contain many Oracle IRM fields.
Typically, the following two fields provide a sufficient reminder of the sensitive nature of a document, and the user responsible for opening a specific copy:
irm-account-name
irm-classification-name
The complete list of Oracle IRM fields that you can consider using is as follows:
irm-time
All fields that end with -time will show Coordinated Universal Time (UTC).
irm-time-local
All fields that end with -time-local will show the local time, with the number of hours ahead or behind UTC included in parentheses.
irm-locale
irm-location
irm-mime
irm-extension
irm-account-uuid
irm-account-name
irm-creation-time
irm-creation-time-local
irm-edit-time
irm-edit-time-local
irm-schema-version
irm-classification-name
irm-classification-description
irm-classification-xml
irm-classification-keyset
irm-classification-system
irm-classification-time
irm-classification-time-local
irm-classification-uri
irm-host
irm-context-itemcode-value
irm-context-itemcode-time
irm-context-itemcode-time-local
irm-context-uuid
I have been prompted to log in manually, and I have forgotten my credentials. What do I do?
If you have access to a password reset page, browse to that page and use it to reset your password. Otherwise, contact an Oracle IRM Server administrator for assistance.
I have logged in successfully but Oracle IRM Desktop says I do not have the rights to access a document. What do I do?
Oracle IRM Desktop usually redirects you to a web page that provides contact details for the person who can give you the rights you need. Contact that person and explain which document you are trying to open, and why you need access to it. They will decide whether it is appropriate to give you any rights.
If you see a message saying that your rights are already checked out to another computer, you need to check in your rights from that computer, or wait for the rights to expire.
When I log in I get a "Cannot connect to server" message. What do I do?
If you cannot connect to the server (Oracle IRM Server), there may be a problem with your network connection. If you connect to the Internet from a corporate network, you may need assistance from your network administrator to resolve the problem. Use the Oracle IRM Server Connection Test dialog to diagnose the problem. (Open this dialog from the Test link on the page that reported the error.)
If you see this message for only some documents, but can open others, then it is possible that you are being served by multiple Oracle IRM servers, one of which is temporarily unavailable.
I had a sealed document open and it just disappeared. What's happened?
Your rights have expired and you have been redirected to a web page.
If you are working offline, then go online and try to open the document again. It is possible that your locally cached rights have expired and that more rights can be obtained as soon as you go online.
If your rights have expired permanently, then the web page should provide contact details for the administrators who are authorized to grant you more rights.
If you were editing a sealed document online when your rights expired or were revoked, you will lose any unsaved changes. If your rights were downgraded, or if your locally cached rights expired, you are given an opportunity to save changes.
I am no longer able to edit the document I am working with. What's happened?
This is rare, but it is possible that your rights have been reduced since you started working on the document. If you think this might be the case, contact the owner of the context to which the document is sealed.
I have two sealed documents from the same originator, but I can access only one of them. Why?
It is quite usual for documents to be sealed to different contexts even if they come from the same originator. For example, you might receive documents sealed to a "Company Confidential" context and others sealed to a "Board Matters" context. It is likely that your rights for these two contexts will be different, such that you can only open one, or you can open them both, but edit only one.
Why has my account been locked out?
As a security measure, the Oracle IRM Server administrator has configured an account lock-out policy that prevents anyone from trying to guess passwords. If your account has been locked out, it is possible that someone else has been trying to log in using your account. Depending on the lock-out policy, your account might become accessible again after a short period, or might need to be manually reset. Contact your Oracle IRM Server administrator for further information.
Why can't I work with sealed Microsoft Office documents in the same way I work with normal ones?
The purpose of sealing documents is to control who has access, and who has edit rights. Edit rights are fine-grained, so you might find that you cannot use all of the Microsoft Office features you are familiar with. For example, you might find that you cannot print a sealed document, or that you are prevented from pasting information from one sealed document to another, or that the track changes option is always on.
Oracle IRM's goal is that using sealed documents should be very similar to using unsealed documents, if you have the necessary set of rights. Where rights are granted, you should be able to do what you usually do in most cases. In some cases, the need to protect a document might mean that options you are familiar with need to be disabled because they provide security loopholes.
How do I seal email messages and threads?
See Section 5, "Using Sealed Email". To use sealed email to full advantage, you need to enable email integration in Oracle IRM Desktop.
How do I add distinctive watermarks and headers and footers to sealed documents?
See Section 6, "Working With Oracle IRM Fields and Watermarks".
How do I save changes I have made to VB code in a sealed document?
To maintain the security of the VB code, it is not possible to save your VB code changes directly in the sealed document.
Use the following procedure to save changes that you have made to VB code in a sealed document:
1. Select the container document for the VB code document that you have changed.
2. Select Save in the container document.
How does Oracle IRM handle and protect objects embedded in sealed Microsoft Office documents?
You can seal a Microsoft Office document that already contains an embedded object, but you cannot insert a new object into an existing sealed document. If an object was present in the document before it was sealed, Oracle IRM prevents the object from being edited. This does not apply to the data in charts (within chart objects), which is protected by Oracle IRM. Chart objects can be inserted into Microsoft Office documents, and full interaction with them is allowed.
Data stored as part of the embedded object inside a sealed file is fully protected by Oracle IRM. However, if the embedded object references external data (that is, data external to the sealed file, such as in a database or external files) Oracle IRM will only protect access to it from within the sealed file, and alternative methods of protecting the data for other ways of access must be provided.
Oracle IRM Desktop needs to be able to communicate with a rights server (Oracle IRM Server) so that you can open sealed documents.
Oracle IRM Desktop communicates with 10g versions of Oracle IRM Server using a secure, encrypted variant of the HTTP protocol used by web browsers. Your network configuration might prevent this protocol from reaching Oracle IRM Server. For 11g versions of Oracle IRM Server, standardized HTTPS communications are used.
There are two types of network configuration that can cause problems:
Proxy servers
Your network might require Oracle IRM Desktop communications to pass through a specific computer, known as a proxy server. If so, then your browser also needs to use a proxy server, and should already have the required proxy server settings. Oracle IRM Desktop uses the same settings, so proxy servers should not cause problems.
However, if your Oracle IRM Desktop is failing to communicate with Oracle IRM Server, and Oracle IRM Desktop tests report that there is a proxy server, report the problem to your network administrator.
The use of proxy servers with indexed search integration will be problematic and is not advised.
Firewalls
A firewall monitors all communications between your local network and remote networks, and prevents any communications that it considers a security risk. Oracle IRM Desktop uses the standard web browsing protocol. If your firewall allows you to browse the World Wide Web, you should also be able to communicate with Oracle IRM Server.
If browsing the web is not permitted, you need to talk to your network administrator to arrange to allow communications to Oracle IRM Server. The firewall needs to allow outbound connections to the Oracle IRM Server address and port, and allow responses to such connections.
You can use the Oracle IRM Desktop test facility to find out what address and port Oracle IRM Desktop is trying to contact, and then configure the firewall to allow the communication to succeed.
If you attempt to make a screen capture when a sealed document is on screen, the captured image often shows the sealed document in the foreground even though the sealed document is really in the background. This can mean that the application you were trying to capture is hidden.
This is intended behavior that prevents sealed documents being captured through transparent foreground applications. See Section 4.9, "Screen Capturing Sealed Documents".
Sealed documents have file icons and extensions that are slightly different to their unsealed counterparts. The table below shows the icons and extensions for the supported types of sealed document.
Unsealed extension | Sealed extension | Sealed MIME type |
---|---|---|
pdf | spdf | application/vnd.sealedmedia.softseal.pdf |
html, htm | stml | application/vnd.sealedmedia.softseal.html |
png | spng | image/vnd.sealed.png |
gif | sgif | image/vnd.sealedmedia.softseal.gif |
jpeg, jpg | sjpg | image/vnd.sealedmedia.softseal.jpeg |
doc | sdoc | application/vnd.sealed.doc |
ppt | sppt | application/vnd.sealed.ppt |
xls | sxls | application/vnd.sealed.xls |
dot | sdot | application/vnd.sealed.template |
xlt | sxlt | application/vnd.sealed.template |
pot | spot | application/vnd.sealed.template |
docx | sdocx | application/vnd.sealed.docx |
docm | sdocm | application/vnd.sealed.docm |
dotx | sdotx | application/vnd.sealed.dotx |
dotm | sdotm | application/vnd.sealed.dotm |
pptx | spptx | application/vnd.sealed.pptx |
pptm | spptm | application/vnd.sealed.pptm |
potx | spotx | application/vnd.sealed.potx |
potm | spotm | application/vnd.sealed.potm |
xlsx | sxlsx | application/vnd.sealed.xlsx |
xlsm | sxlsm | application/vnd.sealed.xlsm |
xltx | sxltx | application/vnd.sealed.xltx |
xltm | sxltm | application/vnd.sealed.xltm |
mov | smov | video/vnd.sealedmedia.softseal.mov |
mpeg, mpg | smp1 | video/vnd.sealed.mpeg1 |
mp4 | smp4 | video/vnd.sealed.mpeg4 |
xml | sxml | application/vnd.sealed.xml |
txt | stxt | application/vnd.sealed.txt |
rtf | srtf | application/vnd.sealed.rtf |
csv | scsv | application/vnd.sealed.csv |
doc | seml | application/vnd.sealed.eml.doc |
rtf | seml | application/vnd.sealed.eml.rtf |
txt | seml | application/vnd.sealed.eml.txt |
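An administrator can use the extension pairs in the table above to audit a file listing. The following is an added example, not part of the Oracle documentation: it classifies file names as sealed or unsealed and reports unsealed files that sit beside a sealed copy of the same name. The function names, the subset of table rows, and the sample listing are assumptions made for the illustration.

```python
from pathlib import PureWindowsPath

# Unsealed -> sealed extension pairs copied from the table above
# (Office, PDF and text rows only; add the remaining rows as needed).
SEALED_EXT = {
    "pdf": "spdf", "doc": "sdoc", "ppt": "sppt", "xls": "sxls",
    "docx": "sdocx", "docm": "sdocm", "pptx": "spptx", "pptm": "spptm",
    "xlsx": "sxlsx", "xlsm": "sxlsm", "txt": "stxt", "rtf": "srtf",
    "csv": "scsv", "xml": "sxml",
}
UNSEALED_EXT = {sealed: plain for plain, sealed in SEALED_EXT.items()}


def _ext(path):
    """Lower-cased extension without the dot (Windows names are case-insensitive)."""
    return PureWindowsPath(path).suffix.lstrip(".").lower()


def classify(path):
    """Return 'sealed', 'unsealed' (a sealable type left unsealed) or 'other'."""
    ext = _ext(path)
    if ext in UNSEALED_EXT:
        return "sealed"
    return "unsealed" if ext in SEALED_EXT else "other"


def leftover_originals(paths):
    """Unsealed files whose sealed counterpart exists in the same folder."""
    present = {str(PureWindowsPath(p)).lower() for p in paths}
    hits = []
    for p in paths:
        sealed_ext = SEALED_EXT.get(_ext(p))
        if sealed_ext is None:
            continue
        twin = PureWindowsPath(p).with_suffix("." + sealed_ext)
        if str(twin).lower() in present:
            hits.append(p)
    return hits


# Constructed sample listing (not from the page).
LISTING = [
    r"S:\board\minutes.sdoc", r"S:\board\minutes.doc",
    r"S:\board\Budget.XLSX", r"S:\board\budget.sxlsx",
    r"S:\hr\policy.pdf", r"S:\hr\logo.bmp",
]

if __name__ == "__main__":
    for path in LISTING:
        print(f"{classify(path):9} {path}")
    print("unsealed originals beside a sealed copy:", leftover_originals(LISTING))
```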
This information is useful to administrators who want to use group policy to prevent users from changing Oracle IRM Desktop configuration settings. See Section 1.6, "Registry Key Policy Setting".
See Section 1.5.2, "Oracle IRM Desktop Settings" for possible values for these properties (and other related information).
Value name | Sub key path | Type |
---|---|---|
ShowTrayIcon | \Unsealer\ | DWORD |
HideIEToolbars | \Unsealer\ | DWORD |
OfficeEnabled | \Unsealer\ | DWORD |
ShowIrmBar | \Unsealer\ | DWORD |
AllowOnlineStatusPage | \Unsealer\ | DWORD |
OpenCSVPolicy | \Unsealer\ | DWORD |
See Section 1.5.3, "Desktop Sealing Settings" for possible values for these properties (and other related information).
Value name | Sub key path | Type |
---|---|---|
Activated | \DesktopSealer\ | DWORD |
DeleteSourceFiles | \DesktopSealer\ | DWORD |
ClassificationMruSize | \DesktopSealer\Recent | DWORD |
OpenNewSealedFile | \DesktopSealer\ | DWORD |
Synchronization Manager Settings
See Section 1.5.4, "Synchronization Manager Settings" for possible values for these properties (and other related information).
Value name | Sub key path | Type |
---|---|---|
InitialServers | \Sync\InitialServers | STRINGs |
LockedServers | \Sync\LockedServers | STRINGs |
AutoSyncEnabled | \Sync\ | DWORD |
DefaultRetry | \Sync\ | STRING |
DefaultCatchup | \Sync\ | STRING |
LogLevel | \Sync\ | DWORD |
ShowSuccessInfo | \Sync\ | DWORD |
ShowFailureInfo | \Sync\ | DWORD |
See Section 1.5.5, "Search Settings" for possible values for these properties (and other related information).
Value name | Sub key path | Type |
---|---|---|
Enabled | \Search\ | DWORD |
ReportErrors | \Search\ | DWORD |
ReportWarnings | \Search\ | DWORD |
ReportInformation | \Search\ | DWORD |
See Section 1.5.6, "Email Settings" for possible values for these properties (and other related information).
Value name | Sub key path | Type |
---|---|---|
OutlookActivated | \Email\ | DWORD |
GroupWiseActivated | \Email\ | DWORD |
DisplayCloseSEMLWarning | \Email\ | DWORD |
DisplaySendAttachmentsWarning | \Email\ | DWORD |
DisplayInvalidFormatWarning | \Email\ | DWORD |
BodyFile | \Email\Options\Body | STRING |
EmailBodyType | \Email\Options\Body | DWORD |
PlainTextBody | \Email\Options\Body | STRING |
IndentReply | \Email\Options\Reply | DWORD |
FontCharSet | \Email\Options\Reply\Font | DWORD |
FontEffects | \Email\Options\Reply\Font | DWORD |
FontFaceName | \Email\Options\Reply\Font | STRING |
FontHeight | \Email\Options\Reply\Font | DWORD |
FontMask | \Email\Options\Reply\Font | DWORD |
FontOffset | \Email\Options\Reply\Font | DWORD |
FontPitchAndFamily | \Email\Options\Reply\Font | DWORD |
FontTextColor | \Email\Options\Reply\Font | DWORD |
SealedEmailFormat | \Email\Options\SealFormat | DWORD |
SignatureOnNew | \Email\Options\Signature | DWORD |
SignatureOnReply | \Email\Options\Signature | DWORD |
UseCustomTemplate | \Email\Options\Template | DWORD |
TemplateFile | \Email\Options\Template | STRING |
See Section 1.5.7, "Authentication Settings" for possible values for these properties (and other related information).
Value name | Sub key path | Type |
---|---|---|
DisableSaveCredentials | \Authentication\ | DWORD |
SuppressPrivacyPolicyDialog | \Authentication\ | DWORD |
See Section 1.5.8, "Legacy Setting" for possible values for these properties (and other related information).
Value name | Sub key path | Type |
---|---|---|
ShowAuthenticationMenu | \Legacy\ | DWORD |
DataDirectory | \Legacy\ | STRING |
See Section 1.5.9, "Local Data Clean-Up Setting" for possible values for these properties (and other related information).
Value name | Sub key path | Type |
---|---|---|
Clean | \LocalData\ | DWORD |
CleanCurrentUser | \LocalData\ | DWORD |