17 Jul 2019

Digital rights management

Product Filter HighQ Collaborate
Product Area Filter Files

Digital Rights Management (DRM) is a term used to suggest restrictions on a user's permissions with respect to a file. Typically, when a user can access a file on their own computer they have full rights to that file. For example, they can view, print, download and share the file with others and edit the file if the file is in an editable format (i.e. Word files, but not Adobe Acrobat files). When DRM is applied to a file, some or all of these permissions may be removed and the file may be changed through the addition of uneditable watermarks.

There are two separate (DRM) options available in Collaborate, which can be configured by the Site Administrator, as discussed here.

Enabling DRM options

In the Admin tab, open Module settings then Files.

Managing DRM permissions

To manage DRM permissions for User Groups, click the Admin tab then select Groups in User management. Click the More options icon for a User group, select Set group permissions and Files

Alternatively, a site administrator can manage DRM for each folder or file. Click the File tab then the More options icon for a folder or file, select Edit details and Permissions

Collaborate DRM options

There are two principal ways of configuring digital rights management on a Collaborate site:

  • Previewer - The previewer displays documents in the browser. The original document is not downloaded to the user's computer and cannot be shared and the user does not need to install the native application. The previewer requires an HTML5 compatible browser. 
  • PDF Encryption - With PDF encryption, a file is converted to PDF (if it is not already in PDF format) and then FileOpen encryption is applied to the PDF file. The PDF version of the file can be freely downloaded but to view the file in Acrobat, the user must first enter their Collaborate userid (email address) and password. The file can be saved, copied and shared, but anyone else who tries to view that file is required to enter the original user's authentication information.

When DRM is applied to a site, it is applied to every file in that site. However, additional restrictions can be imposed on certain files or groups:

  • Disable Print - Users in a group with this option cannot print the file. A watermark is added to the file to indicate this permission has been restricted.
  • Disable Save - Users in a group with this option can only view the file in the previewer, they cannot download or save the file. Deselect this checkbox to permit users to download a 'native' version of a restricted file (or all of the files in a folder).

Disable Save options must be enabled at the system level in order for this to be displayed. 
Contact an account manager to enable this feature.

  • Add Watermarks - A site administrator can add a watermark to previewed or downloaded documents. If the document can be printed, then the watermark appears on every page of the printed document. This provides the flexibility to allow the file to be shared in hardcopy while alerting any recipients about the sensitive nature of the file and allowing the file to be traced back to the person who shared it.
    The watermark is only visible when the file is viewed in a browser (with the previewer) or on a computer in Adobe Acrobat.
    • IP address - The user's IP address is inserted
    • Email address - The user's email address is inserted
    •  Printing disabled - This option reminds the user that they cannot print the document
    • Confidential - This option reminds the user to treat the file as a confidential document
    • Custom text - This option allows the site administrator to add custom text as a watermark

See Managing groups for more information about how a site administrator can configure User groups.

Who is impacted by DRM restrictions

As described here, while all types of users are impacted when DRM is applied to a site, certain users can avoid the limitations imposed by DRM. For example, site and content administrators and users with Add File or Folder Admin permissions are given the option to download the native version of every file, without watermarks. DRM restrictions are mainly intended to limit access for users who only need to view files.

Accessing the original file

A user with System, Site or Content admin permissions can download the original file, without any restrictions or watermarks, even if DRM or FileOpen PDF encryption has been applied.

The user can download the original file:

  • In the file More actions menu; click Download original
  • On the file information page; click Original

However, if using the previewer, the user is still subject to save, print and watermark restrictions.

Accessing the previewer

If the Previewer DRM option is applied, users are required to view the contents of a file in a separate browser window (i.e., the previewer). There are two variations on how the previewer can be accessed, depending on how a site has been configured.

  1. When the user clicks on a file name, the file automatically opens in the previewer window.
  2. When the user clicks on the file title the file information page appears and from there the user can click View to view the file in the previewer window, or the user can click View from the More actions menu.

The default previewer

The previewer does not require the user to install the file's native application. For example, if the file is a PowerPoint file there is no need to install PowerPoint. No software is required other than an HTML5 compatible browser.

The preview typically maintains the look and feel of the original file, including formatting, images and pagination. Here are some key features of the previewer:

  • Depending on the configuration of DRM options, the user may be able to print the file

  • The full text of the file can be searched, provided there is text in the file. (For example, PDF files that are scanned but not OCR'd do not have any text to search)

  • It is possible to zoom in and out of the preview

  • Use the navigation controls to quickly jump to a different page

  • The preview can be viewed in full-screen mode

  • The file can be scrolled through horizontally

If a large file is viewed and it has not finished loading, the user can view the file download progress and start to read the file.

Click Exit to close the window.

Disable printing

If the site administrator has restricted the user's right to print the file the previewer is almost identical, except:

  • The Print icon has been removed; the user cannot print the file.
  • A 'Printing disabled' watermark has been added to the preview version of the file:

Watermarks enabled

If the site administrator has enabled watermarks, but the user can still print the file, the previewer is almost identical, except:

  • The watermark includes the user's email address and IP address. The user can print the file, but the watermark appears on every printed page

Please note that the document will not be watermarked if it has encryption applied to it before you upload the file to HighQ

FileOpen PDF Encryption

If the FileOpen PDF encryption option is enabled by the site administrator, a regular user can only download a protected PDF version of their files. Either click More actions > Download:

Or click the file name and then click Download in the viewer:

In order to open a FileOpen encrypted PDF file, the user is required to install a plug-in. This can be accessed through the help information at the top of the screen:

For information on the iOS version of the FileOpen plugin for Apple mobile devices, go here.

When the user attempts to open the downloaded PDF file, they see a login prompt:

At this point, the user must enter their Collaborate username and password to open the file in Acrobat. The FileOpen plugin securely communicates with the Collaborate server to determine if the login information is accurate and if the user has permission to view the file. 

The user can open the PDF file from any computer, not only the computer the PDF file was downloaded to.

Internet access is required to open a protected file.

The user must log in for each file, even if one file is opened directly after another.

Revoking access to content

Because each user needs to authenticate in order to open a file, the ability to view a file can be revoked at any time. To do so, remove the view rights to the file or folder from the appropriate security group. If a user in that security group attempts to open the file, the authentication fails.

Although it is not possible to set an automatic expiration date on access, a site administrator can manually revoke access at any time.

Accessing the FileOpen encrypted PDF file

When the file opens, the title is suffixed with the word (SECURED).

If the site administrator has not applied any restrictions on printing and no watermarks had been added, the file looks like any other PDF file.

However, if the user shares the file with another person, that other person would need to enter the original user's  Collaborate information to open the file.

If printing is disabled, then like the previewer, the Print option is not displayed and the 'Printing disabled' watermark is visible.

Was this article helpful?