IRM-Enabled SharePoint Documents in Groove Workspace

Windows Server 2008 has Rights Management Services (RMS, which is a server add-on feature) as an installable role and seamlessly integrated into the OS. Further Information Rights Management (IRM, which is the client ability to comply with what is set to be enforced by RMS) can be enabled in SharePoint Central Admin (after installing RMS client on the SharePoint box) by pointing SharePoint to a RMS server in Central Admin Operations and also granting IIS App Pool ID and AD RMS Service Group access right to server certificate web services on the CA box required by RMS. The operations are straightforward as discussed in my webcast.

When adding a SharePoint file tool in a Groove workspace, the documents downloaded from an IRM-enabled SharePoint document library are still embedded with set usage policies. Groove does not translate SharePoint permissions, nor the usage policy embedded in an IRM-enabled document regardless it is from SharePoint or not. As far as documents in a Groove workspace are concerned, Groove is a secure transport. As far as Groove is concerned, all documents are bits and bytes. It is up to the file system at an end point to, as appropriate, invoke an associated application to open a file. The transition of a file from Groove to a local file system is transparent to a user. With RMS-aware application like Office 2007, IRM will kick in and the usage policy is for sure enforced at file opening time based on individual’s license acquired form RMS server.

The net is IRM is transparent to Groove. IRM is enforced at file opening time regardless where it is from or if it is placed in Groove or not.