Accessing policy-protected documents online

To open and use policy-protected documents, the policy must grant the user access to the document. The document user also needs a valid Rights Management account and the appropriate client application. For PDF documents, the user needs Acrobat or Adobe Reader. For other file types, the user needs the appropriate application for the file with the Rights Management extension installed.

When a user attempts to open a policy-protected document, Acrobat, Adobe Reader, or Rights Management Extension connects to Rights Management to authenticate the user. Then, the user can proceed to log in. If the document usage is being audited, a notification message appears. After Rights Management determines which document permissions to grant, it manages the decryption of the document. The user can then use the document according to the policy confidentiality settings.

The steps in the diagram are as follows:

  1. The document user opens the document in a supported client application and authenticates with the server. This task is performed in the supported client application. The document identifier is sent to the Rights Management service.

  2. The Rights Management service authenticates the users, checks the policy for authorization, and creates a voucher. The voucher, which contains the document key and permissions, is returned to the client application.

  3. The document is decrypted with the document key, and the document key is discarded. The document can then be used according to the confidentiality settings of the policy. These tasks are performed in the supported client application.

If the policy specifies that document events are logged, the client software sends event information to the server for logging as soon as the user opens the document. For information about the audit log, see Monitoring events in LiveCycle Administration Console Help.

If the user saves a copy of a policy-protected document, the policy is automatically applied and enforced for the new document. Events such as attempts to open the new document are also audited and recorded for the original document.

The user can continue to use a document with the following time limits:

  • Indefinitely or for the validity period specified in the policy

  • Until the administrator or the person who applied the policy revokes the right to open the document or changes the policy

// Ethnio survey code removed