Denying Rights Management services for specific applications

You can configure Rights Management to deny services to applications that meet specific criteria. The criteria can specify a single attribute such as a platform name or it can specify multiple sets of attributes. This feature can help you control the requests Rights Management must handle. Here are some applications of this feature:

  • Revenue protection: You may want to deny access to any client application that does not support your revenue conventions.

  • Application compatibility: Some application may be incompatible with the policies or behavior of your Rights Management server.

When client applications attempt to establish a link with Rights Management, they supply application, version, and platform information. Rights Management compares this information against Denials settings it obtains from the Rights Management configuration file.

The Denials settings can contain several sets of denial conditions. If all of the attributes of any one set match, the requesting application is denied access to the Rights Management services.

The denial-of-service feature requires that client applications use the Rights Management C++ Client SDK version 8.2 or later. The following Adobe products provide product information when requesting Rights Management services:

  • Adobe Acrobat 9.0 Professional/Acrobat 9.0 Standard and later

  • Adobe Reader 9.0 and later

  • Rights Management Extension for Microsoft Office 8.2 and later

Client applications use the Client API from the Rights Management C++ Client SDK to request services from Rights Management. The Client API requests include platform and SDK version information (precompiled into the Client API) and product information obtained from the client application.

Client applications or plug-ins supply product information in their implementation of a callback function. The application provides the following information:

  • Integrator name

  • Integrator version

  • Application family

  • Application name

  • Application version

If any information is not applicable, the client application leaves the corresponding field blank.

Several Adobe applications include product information when requesting Rights Management services, including Acrobat, Adobe Reader, and Rights Management Extension for Microsoft Office.

Acrobat and Adobe Reader

When Acrobat or Adobe Reader request a service from Rights Management, it supplies the following product information:

  • Integrator: Adobe Systems, Inc.

  • Integrator version: 1.0

  • Application family: Acrobat

  • Application name: Acrobat

  • Application version: 9.0.0

Rights Management Extension for Microsoft Office

Rights Management Extension for Microsoft Office is a plug-in used with the Microsoft Office products Microsoft Word, Microsoft Excel, and Microsoft PowerPoint. When it requests a service, it supplies the following information:

  • Integrator: Adobe Systems Incorporated

  • Integrator version: 8.2

  • Application family: Rights Management Extension for Microsoft Office

  • Application name: Microsoft Word, Microsoft Excel, or Microsoft PowerPoint

  • Application version: 2003 or 2007

Configure Rights Management to deny services for specific applications

  1. Export the Rights Management configuration file. (See Manually editing the Rights Management configuration file.)

  2. Open the configuration file in an editor and locate the PolicyServer node. Add a ClientVersionRules node as an immediate child of the PolicyServer node, if one does not exist: 

    <node name="ClientVersionRules"> 
    <map> 
        <entry key="infoURL" value="URL"/> 
    </map> 
    <node name="Denials"> 
        <map/> 
        <node name="MyEntryName"> 
            <map> 
                <entry key="SDKPlatforms" value="platforms"/> 
                <entry key="SDKVersions" value="versions"/> 
                <entry key="AppFamilies" value="families"/> 
                <entry key="AppNames" value="names"/> 
                <entry key="AppVersions" value="versions"/> 
                <entry key="Integrators" value="integrators"/> 
                <entry key="IntegratorVersions" value="versions"/> 
            </map> 
        </node> 
        <node name="MyOtherEntryName" 
            <map> 
                [...] 
            </map> 
        </node> 
        [...] 
    </node> 
</node>

    where:

    SDKPlatforms specifies the platform hosting the client application. Possible values are:

    • Microsoft Windows

    • Apple OS X

    • Sun Solaris

    • HP-UX

    SDKVersions specifies the version of the Rights Management C++ Client API used by the client application. For example, "8.2".

    APPFamilies is defined by the Client API.

    AppName specifies the name of the client application. Commas are used as name separators. To include a comma in a name, escape it with a backslash (\) character. For example, "Adobe Systems\, Inc.".

    AppVersions specifies the version of the client application.

    Integrators specifies the name of the company or group that developed the plug-in or integrated application.

    IntegratorVersions is the version of the plug-in or integrated application.

  3. For each additional set of denial data, add another MyEntryName element.

  4. Save the configuration file.

  5. Import the configuration file. (See Manually editing the Rights Management configuration file.)

Examples

In this example, all Windows clients are denied access.

<node name="ClientVersionRules"> 
    <map> 
        <entry key="infoURL" value="http://www.dont.use/windows.html"/> 
    </map> 
    <node name="Denials"> 
        <map/> 
        <node name="Entry_1"> 
            <map> 
                <entry key="SDKPlatforms" value="Microsoft Windows"/>  
            </map> 
        </node> 
    </node> 
</node>

In this example, My Application version 3.0 and My Other Application version 2.0 are denied access. The same denials information URL is used regardless of the reason for denial.

<node name="ClientVersionRules"> 
    <map> 
        <entry key="infoURL" value="http://get.a.new/version.html"/> 
    </map> 
    <node name="Denials"> 
        <map/> 
        <node name="FirstDenialSettings"> 
            <map> 
                <entry key="AppNames" value="My Application"/>  
                <entry key="AppVersions" value="3.0"/> 
            </map> 
        </node> 
        <node name="SecondDenialSettings"> 
            <map> 
                <entry key="AppNames" value="My Other Application"/>  
                <entry key="AppVersions" value="2.0"/> 
            </map> 
        </node> 
    </node> 
</node>

In this example, all requests from a Microsoft PowerPoint 2007 or Microsoft PowerPoint 2010 installation of Rights Management Extension for Microsoft Office are denied. 

<node name="ClientVersionRules"> 
    <map> 
        <entry key="infoURL" value="http://get.a.new/version.html"/> 
    </map> 
    <node name="Denials"> 
        <map/> 
        <node name="Entry_1"> 
            <map> 
                <entry key="AppFamilies" value= 
    "LiveCycle Rights Management Extension for Microsoft Office"/> 
                <entry key="AppNames" value= "Microsoft PowerPoint"/>  
                <entry key="AppVersions" value="2007,2010"/> 
            </map> 
        </node> 
    </node> 
</node

// Ethnio survey code removed