Access Control and Accessibility in Oracle IRM 11g

A recurring theme you'll find throughout this blog is that IRM needs to balance security with usability and manageability. One of the innovations in Oracle IRM 11g typifies this, as we have introduced a new right that may be included in any role - Accessibility.

When creating or modifying a role, you simply select Accessibility along with Open, Print, Edit or whatever rights you want to include in the role.

11g-accessibility.png

You might, for example, have parallel roles of Reader and Reader with Accessibility and Contributor and Contributor with Accessibility.

The effect of the Accessibility right is to relax some of the protection of content in use such that selected users can use accessibility tools. For example, a user with the Accessibility right would be able to use the screen magnification tool, which IRM would ordinarily prevent because it involves screen capture.

This new right makes it easy for you to apply security to documents yet, subject to suitable approval processes, cater for the fact that a subset of users might be disproportionately inconvenienced by some of the normal usage constraints. Rather than make those users put up with the restrictions, or perhaps exempt them from using sealed documents altogether, this new right allows you to accommodate them in a controlled manner, and to balance security with corporate accessibility goals.

Comments:

Every new feature which deals with access and content control is welcome, as IRM usage rights scenarios can be very different. I wonder if the following request can be covered by the IRM 11g functionality. IRM desktop client, through its integration with MS office can prevent users to save unsealed documents effectively disabling standard save controls. But this is valid only if a sealed document with the appropriate features is being used. Is it possible to enforce that only sealed content can be created by synchronized IRM users? In that scenario, IRM desktop client would disable standard office file save controls for all users with certain role within desired context, after they synchronize the rights with IRM server.

Posted by Boris T. on May 02, 2010 at 05:55 PM PDT #

Hi Boris, I want to clarify your question before answering, so will mail you directly. If I understand correctly, it is possible with a little customization but I have yet to find the customer who really wants this behaviour. It is unlikely that a customer will really want EVERYTHING to be sealed, so disabling the standard Office save options is unlikely. On the few occasions when a customer has requested this type of behaviour, they have always said that exceptions need to be possible - so in the end they do not want to disable standard save options.

Posted by martin.abrahams on May 04, 2010 at 03:16 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Oracle IRM protects and tracks your sensitive information no matter where it goes. It combines business friendly encryption with role based usage rights and auditing.

11g quick guide

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today