Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article describes how to use MIP SDK APIs to identify the type of protection configured on a label so your application can make behavior and UI decisions before applying protection. It also summarizes the key APIs and expected behavior for each protection type.
Overview
Starting in MIP SDK 1.18, the Label class exposes methods to determine what kind of protection a label applies. Previously, applications could only check HasRightsManagementPolicy() to determine whether a label applied any protection. The new methods allow applications to differentiate between the following protection types:
- Do Not Forward Protection that prevents the recipient from forwarding, printing, or copying the content.
- Encrypt Only Protection that encrypts the content but doesn't restrict the recipient's actions beyond decryption.
- Ad-hoc Protection where the user defines custom permissions (user-defined rights) at the time of application.
These methods enable applications to make more intelligent decisions about how to handle labels. For example, an email application could present different UI options depending on whether a label applies Do Not Forward versus Encrypt Only protection.
Querying label protection types
C++
The mip::Label class provides the following methods:
// Returns true if the label applies any protection.
bool HasRightsManagementPolicy() const;
// Returns true if the label applies Do Not Forward protection.
bool HasDoNotForwardProtection() const;
// Returns true if the label applies Encrypt Only protection.
bool HasEncryptOnlyProtection() const;
// Returns true if the label applies ad-hoc (user-defined) protection.
bool HasAdhocProtection() const;
Example: Inspecting label protection types
for (const auto& label : engine->ListSensitivityLabels()) {
std::cout << "Label: " << label->GetName() << std::endl;
if (label->HasRightsManagementPolicy()) {
if (label->HasDoNotForwardProtection()) {
std::cout << " Protection type: Do Not Forward" << std::endl;
} else if (label->HasEncryptOnlyProtection()) {
std::cout << " Protection type: Encrypt Only" << std::endl;
} else if (label->HasAdhocProtection()) {
std::cout << " Protection type: Ad-hoc (user-defined permissions)" << std::endl;
} else {
std::cout << " Protection type: Template-based" << std::endl;
}
} else {
std::cout << " No protection" << std::endl;
}
}
C# (.NET)
In the .NET wrapper, the Label class exposes matching properties:
label.HasRightsManagementPolicy // bool
label.HasDoNotForwardProtection // bool
label.HasEncryptOnlyProtection // bool
label.HasAdhocProtection // bool
Example: Inspecting label protection types
foreach (var label in engine.SensitivityLabels)
{
Console.WriteLine($"Label: {label.Name}");
if (label.HasRightsManagementPolicy)
{
if (label.HasDoNotForwardProtection)
Console.WriteLine(" Protection type: Do Not Forward");
else if (label.HasEncryptOnlyProtection)
Console.WriteLine(" Protection type: Encrypt Only");
else if (label.HasAdhocProtection)
Console.WriteLine(" Protection type: Ad-hoc (user-defined permissions)");
else
Console.WriteLine(" Protection type: Template-based");
}
else
{
Console.WriteLine(" No protection");
}
}
Relationship to existing APIs
These new methods complement the existing HasRightsManagementPolicy() method. The relationship is:
- If
HasRightsManagementPolicy()returnsfalse, all three new methods also returnfalse. - If
HasRightsManagementPolicy()returnstrue, at least one of the new methods returnstrue, or none returntrueif the label uses template-based protection. - A label can combine ad-hoc (user-defined permissions) with Do Not Forward or Encrypt Only. In these combined cases:
HasDoNotForwardProtection()returnstruewhen the label applies Do Not Forward protection, whether or not it also includes ad-hoc behavior.HasEncryptOnlyProtection()returnstruewhen the label applies Encrypt Only protection, whether or not it also includes ad-hoc behavior.HasAdhocProtection()returnstrueonly when the label applies standalone ad-hoc protection (without Do Not Forward or Encrypt Only).