The Rights Management service can track specific actions
related to the policy-protected document as they occur. This tracking
happens when the auditing capability is enabled and the policy used
to protect a document has auditing enabled. Events include activities
such as applying a policy to a document and opening a policy-protected
document.
Events fall into one of the following categories:
Administrator events are actions related to an administrator,
such as creating a new administrator account.
Document events are actions related to a document, such as
closing a policy-protected document.
Policy events are actions related to a policy, such as creating
a new policy.
Service events are actions related to the Rights Management
service, such as synchronizing with the user directory.
You can use the Rights Management Service API to search for specific
events. You can also use the Rights Management web pages to search
and view audited events. Users can view audited events for their
policy-protected documents and for protected documents that they
receive and use. Administrators can view audited events that are
related to all policy-protected documents and users. Administrators
can also track other types of events, including user, document, policy,
and system events.
Events that are performed on a copy of a policy-protected document
are also tracked as events with the original protected document.
A failed event is recorded if an unauthorized user attempts to
view a document or log in using an incorrect user name or password.
Policies can allow anonymous user access. If the administrator
later turns off anonymous access, anonymous access will fail for
documents protected with the policy, and the event will not be logged.
Methods for monitoring events
