Use Identity-Based Security (a.k.a. IRM)

Earlier sections discuss protecting workbooks using passwords. The problems with passwords are:

  • They are susceptible to guessing attacks.

  • There is no secure way to share them among a group.

  • They tend to proliferate and become hard to remember. You can use the same password for all items, but that reduces security.

The solution to this problem is identity-based security. The preceding section showed how you could allow specific users to edit protected worksheets without the worksheet password. The larger solution is to define workbook permissions based on the user’s identity.

Note

Two key features make IRM worth using: you can add expiration dates to documents and you can prevent users from forwarding, printing, or copying the document. That’s great for copywritten or time-sensitive material—like early drafts of this book!

How it works

Identity-based security solves the password problem because users maintain their own password—usually it’s the one they use to sign on to the network—and then their identity travels with them wherever they go on a network. You don’t have to set workbook passwords, share those with your workmates, and hope you don’t lose or forget them.

Excel provides identity-based security through Microsoft Information Rights Management (IRM). This new feature comes at a cost, however. In order to use IRM, you must have a Windows 2003 server running Microsoft Windows Rights Management (RM) Services ...

Get Excel 2003 Programming: A Developer's Notebook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.