Information Rights Management (IRM) allows authors to restrict permission for documents, workbooks, and presentations on a per-person or per-group basis. For example, Ranjit, the author, can give Helena permission to read a document but not change it. Ranjit can also give Bobby permission to change the document and allow him to save the document. Authors always have Full Control permission.
IRM provides three permission levels.
|
Permission Level |
Allows |
|
Read |
Read |
|
Change |
Read, edit, copy, save changes |
|
Full Control |
Read, edit, copy, save changes, print, set expiration dates for content, grant permissions to users, access content programmatically |
Important: To restrict permission to content in a file, you have to have Microsoft Office for Mac Standard 2011.
Set permission levels manually
-
On the Review tab, under Protection, click Permissions, and then click Restricted Access.
-
If this is the first time that you are accessing the licensing server, enter your user name and password for the licensing server, and then select the Save password in Mac OS keychain check box.
Tip: If you do not select the Save password in Mac OS keychain check box, you might have to enter your user name and password multiple times.
-
In the Read, Change, or Full Control boxes, enter the e-mail address or name of the person or group of people that you want to assign an access level to.
-
If you want to search the address book for the e-mail address or name, click
-
If you want to assign an access level to all people in your address book, click Add Everyone
-
After you assign permission levels, click OK.
The Message Bar appears and displays a message that the document is rights-managed.
Use a template to restrict permission
An administrator can configure company-specific IRM policies that define who can access information permissions levels for people. These aspects of rights management are defined by using Active Directory Rights Management Services (AD RMS) server templates. For example, a company administrator might define a rights template called "Company Confidential," which specifies that documents that use that policy can be opened only by users inside the company domain.
-
On the Review tab, under Protection, click Permissions, and then click the rights template that you want.
Change or remove permission levels that you have set
If you applied a template to restrict permission, you can't change or remove permission levels; these steps only work if you have set permission levels manually.
-
On the Message Bar, click Change Permissions.
-
In the Read, Change, and Full Control box, enter a new e-mail address or name of the person or group of people that you want to assign an access level to.
-
To remove a person or group of people from an access level, click the e-mail address, and then press DELETE .
-
To remove Everyone from a permission level, click Add Everyone
Set an expiration date for a restricted file
Authors can use the Set Permissions dialog box to set expiration dates for content. For example, Ranjit might also decide to limit both Helena's and Bobby's access to this document to May 25th, and then the permission to the document expires.
-
On the Review tab, under Protection, click Permissions, and then click Restricted Access.
-
Click More Options, and then select the This document expires on check box, and then enter the date.
After permission for a document has expired for authorized people, the document can be opened only by the author or by people with Full Control permission.
Allow people with Change or Read permission to print content
By default, people with Change and Read permission can't print your protected file.
-
On the Review tab, under Protection, click Permissions, and then click Restricted Access.
-
Click More Options, and then select the Allow people with Change or Read permission to print content check box.
Allow people with Read permission to copy content
By default, people with Read permission can't copy content from your protected file.
-
On the Review tab, under Protection, click Permissions, and then click Restricted Access.
-
Click More Options, and then select the Allow people with Read permission to copy content check box.
Allow scripts to run in a restricted file
Authors can change settings to allow Visual Basic macros to run when a document is opened and to allow AppleScript scripts to access information in the restricted document.
-
On the Review tab, under Protection, click Permissions, and then click Restricted Access.
-
Click More Options, and then select the Access content programmatically check box.
Require a connection to verify permissions
By default, people have to authenticate by connecting to the AD RMS server the first time that they open a restricted document. However, you can change this to require them to authenticate every time that they open a restricted document.
-
On the Review tab, under Protection, click Permissions, and then click Restricted Access.
-
Click More Options, and then select the Require a connection to verify permissions check box.
Remove restrictions
-
On the Review tab, under Protection, click Permissions, and then click No Restrictions.
-
In the dialog box, click Remove Restrictions.
See Also
Information Rights Management in Office
