When a user attempts to open a protected file:

1. User initiates file open

   Desktop agent or Seclore Online.

2. Policy Server receives request.
3. Policy Server identifies the associated Enterprise Application (EA).
4. Policy Server invokes the configured federation web service.
5. Enterprise application returns:
   • Effective user rights
   • Optional watermark content
   • Optional deny-access message
6. Policy Server computes final permissions.
7. File opens with dynamically enforced controls.

This happens at runtime for every file-open request.

Real-Time Permission Enforcement Outside the Application

Without federation: file downloaded today may retain yesterday’s permissions.

With Policy Federation: When a user opens a protected file, even outside the application — Seclore Policy Server queries the application for the current effective rights.

It ensures that:

• Dynamic permission updates
• Immediate revocation
• Context-aware access control