Creating Licenses to Authorize Users
After protecting the file, the Protect command opens the Digital Rights dialog. MicroStation creates a license for the certificate used to protect the file. This license grants unlimited (‘*’ stands for unlimited) rights. Initially this is the only recipient authorized to access the file.
Nobody, including the author, is able to delete or modify the author’s license. This prevents the author from accidentally locking himself out of the file or denying himself the right to administer rights. The author can add other recipients and assign rights to them. Only the author (or anyone with unlimited rights) can open the Digital Rights dialog. A user who gains access to this file by using a license sees only the description of his own license, including rights, expiry, URL, and annotation data.
|0||Disable license creation|
|1||Enable password licenses|
|2||Enable certificate licenses|
|4||Enable Everyone licenses|
|7 (default)||Enable all types of licenses|
Add individual values together to enable two or more license types.
The MS_PROTECTION_ENABLE configuration variable controls the method by which a file is encrypted. Some organizations do not want to password protect a file for fear that password could be forgotten. Using the MS_PROTECTION_LICENSE_ENABLE configuration variable to add licenses to a file provides additional entry points to the file.
The Everyone License
An author grants access to a file to everyone by using the Add access for everyone tool on the Digital Rights dialog. Generally, it makes sense to create an Everyone license that only grants limited rights. For example, creating an everyone license that allows anyone to view the file.
An author grants access to a file by creating a password license using the Add a password tool on the Digital Rights dialog.
MicroStation never divulges the password associated with this license.
An author grants access to a file by creating a certificate-based recipient license using the Add a recipient certificate tool on the Digital Rights dialog. The author first selects the recipient's certificate, then defines a license for that recipient, including rights, expiry and/or authentication URL. The author can select a digital certificate from their personal certificate store or identify a signed e-mail message file (.msg) or certificate file (.cer or .p7b).
Adding a Recipient Certificate by Dragging from Windows Explorer
The author can add recipient certificates to a protected file by dragging signed e-mail message (.msg) files and/or certificate (.cer, or .p7b) files from Windows Explorer or the desktop onto the Digital Rights dialog. The rights, expiry, etc., assigned to the new recipients are the same as the recipient that was selected in the dialog when the files were dropped.