Creating Licenses to Authorize Users

After protecting the file, the Protect command opens the Digital Rights dialog. MicroStation creates a license for the certificate used to protect the file. This license grants unlimited (‘*’ stands for unlimited) rights. Initially this is the only recipient authorized to access the file.

Digital Rights dialog with initial license create when file was protected

Nobody, including the author, is able to delete or modify the author’s license. This prevents the author from accidentally locking himself out of the file or denying himself the right to administer rights. The author can add other recipients and assign rights to them. Only the author (or anyone with unlimited rights) can open the Digital Rights dialog. A user who gains access to this file by using a license sees only the description of his own license, including rights, expiry, URL, and annotation data.

Note: If the author used a certificate belonging to someone else to encrypt the file, then the author will have access to the encrypted file only until the end of the current session. The person whose certificate was used to encrypt the file has unlimited access.

The MS_PROTECTION_LICENSE_ENABLE configuration variable controls the type of licenses that can be added to a protected file

Value	Description
0	Disable license creation
1	Enable password licenses
2	Enable certificate licenses
4	Enable Everyone licenses
7 (default)	Enable all types of licenses

Add individual values together to enable two or more license types.

The MS_PROTECTION_ENABLE configuration variable controls the method by which a file is encrypted. Some organizations do not want to password protect a file for fear that password could be forgotten. Using the MS_PROTECTION_LICENSE_ENABLE configuration variable to add licenses to a file provides additional entry points to the file.

The Everyone License

An author grants access to a file to everyone by using the Add access for everyone tool on the Digital Rights dialog. Generally, it makes sense to create an Everyone license that only grants limited rights. For example, creating an everyone license that allows anyone to view the file.

Everyone license with view only rights

Password License

An author grants access to a file by creating a password license using the Add a password tool on the Digital Rights dialog.

MicroStation never divulges the password associated with this license.

Recipient License

An author grants access to a file by creating a certificate-based recipient license using the Add a recipient certificate tool on the Digital Rights dialog. The author first selects the recipient's certificate, then defines a license for that recipient, including rights, expiry and/or authentication URL. The author can select a digital certificate from their personal certificate store or identify a signed e-mail message file (.msg) or certificate file (.cer or .p7b).

Adding a Recipient Certificate by Dragging from Windows Explorer

The author can add recipient certificates to a protected file by dragging signed e-mail message (.msg) files and/or certificate (.cer, or .p7b) files from Windows Explorer or the desktop onto the Digital Rights dialog. The rights, expiry, etc., assigned to the new recipients are the same as the recipient that was selected in the dialog when the files were dropped.