One document, many layers of access
Access controls in the FileOpen DRM implementation are dynamic, meaning that a particular set of capabilities is defined for each user/document/access event. This is important because it permits different users to get different types of access to the same PDF, e.g. one able to print the other not, and also because it permits the same user to get different access at different times, e.g. to have print access until the document is printed once but not thereafter.
FileOpen implements the permission types that are defined in the PDF Specification. These "pdPerms" govern the types of control that PDF viewers are expected to support, e.g. turning on/off the print button and menu.
Advanced Print Controls
In some cases, the FileOpen implementation goes beyond what is specified for PDF. For example, FileOpen can enable printing but restrict the type of printer that the user may select, either to allow only a specific printer or to prevent the use of some class of printer (i.e. printer drivers that "print to file"), and FileOpen can also limit the number of copies of a print job, the specific pages or page-ranges that can be printed, etc.
User and Device-based Granular Controls
The primary control enforced by the FileOpen software is around which devices can be used to open documents, for which users. Some of the most sophisticated elements of the system are located here, in policies to determine the number of devices allowed, how those devices are identified, which capabilities should be restricted based on the type of device, etc.
Systems offered by FileOpen, or built from the FileOpen SDK, can implement all of the standard types of control defined for PDF and a variety of extended capabilities, all with user/document/event granularity.