Enabling DRM and configuring SharePoint to accurately protect documents from low-trust user groups requires that some built-in features of SharePoint be disabled or blocked for the low-trust user groups. Likewise, if DRM is enabled and configured for a high-trust user group, then some SharePoint features will also be blocked for the high-trust user group.
Features Blocked by Prizm DRM
The Prizm Redirector component (part of Prizm DRM) will block some built-in features of SharePoint. The following built-in features will be blocked for groups after properly configuring Prizm DRM for the group:
- Direct access to document via URL
- 'Download a Copy' button and menu item (conditionally enabled*)
- 'Send To Other Location' buttons (located on both the ribbon and from the ECB menu) (conditionally enabled*)
- 'Create Document Workspace' buttons (located on both the ribbon and from the ECB menu) (conditionally enabled*)
- Opening files via WebDAV (conditionally enabled*)
 |
*This feature is not blocked if the group is granted the Prizm DRM 'Save/Send' permission. |
Features Disabled through SharePoint Permissions
When denying a group SharePoint permissions, the group will lose access to certain SharePoint functionality. The SharePoint base permissions 'Use Client Integration Features' and 'Use Remote Interfaces' will need to be denied to low-trust user groups. If enabling DRM for high-trust user groups, then 'Use Client Integration Features' will need to be denied.
The following list shows notable built-in SharePoint features that will be disabled for users when a base permission is denied:
Use Client Integration Features Base Permission
- Notable built-in features that will be disabled:
- Opening a document in a client application
- 'Upload Multiple Documents' ribbon button
- 'Open with Explorer' ribbon button
Use Remote Interfaces Base Permission
- Notable built-in features that will be disabled:
- SOAP protocol
- WebDAV protocol
- Use of the Client Object Model
- SharePoint Designer