From Drumlin Security Wiki

Tracking, Use and Mis-Use

When standard PDFs are distributed to end users there is no way of knowing who has access to the file, even if the file has been encrypted using standard PDF security measures. However, where a Digital Rights Management (DRM) system is employed, a range of access and usage controls may be applied. These enable the service manager and publisher to control and track the usage of individual documents, and to identify instances of attempted mis-use.

Online (web-based) DRM services that include access controls typically create log files recording logins and logouts for each document and user, with date and time stamps, IP address and other session details. These logs can then be analyzed or used to flag attempts to misuse the documents (e.g. attempts to access a file for which permission has not been granted).

Offline (device-based) DRM services may have more powerful facilities for usage tracking. Typically these consist of local log file generation (on the target device) and centralized (server-based) logging of activities. The latter refers to the logging of events such as opening a file on a specific device, printing a file, or unauthorized attempts to open a file, in each case recording the device details, user details (where available), IP address, etc. In the case of the Drumlin DRM service the core tracking details are described in the Codes, Licenses and Usage Tracking section of the DrumlinPublisher user manual. Such usage tracking relies on background threads in the locally run apps that communicate silently with the DRM server to validate access and log activities. This facility also enables a service manager or publisher to remotely disable access if necessary (e.g. when a file needs to be prematurely expired, an abuse of the content is identified, or a user demands a refund for a purchased publication).
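The log analysis described in the two paragraphs above can be sketched as follows. This is an added example, not code from Drumlin or its manual: the CSV column layout, the event names (`open`, `print`, `open_denied`), the document identifiers and the review threshold are all assumptions, and the sample log is constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample of a central DRM event log. The column layout and the
# event names are assumptions for illustration, not Drumlin's log format.
SAMPLE_LOG = """\
timestamp,user,device_id,ip,document,event
2024-03-01T09:00:12,alice,DEV-A1,198.51.100.10,doc-1001,open
2024-03-01T09:05:40,alice,DEV-A1,198.51.100.10,doc-1001,print
2024-03-01T10:11:03,bob,DEV-B7,203.0.113.5,doc-1001,open_denied
2024-03-01T10:11:45,bob,DEV-B7,203.0.113.5,doc-1001,open_denied
2024-03-01T10:14:09,bob,DEV-B9,203.0.113.77,doc-1001,open_denied
2024-03-01T11:30:00,carol,DEV-C2,192.0.2.44,doc-2002,open_denied
"""

def flag_denied_access(log_text, threshold=3):
    """Return one finding per (user, document) with >= threshold denied opens."""
    denied = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["event"] == "open_denied":
            denied[(row["user"], row["document"])].append(row)
    findings = []
    for (user, document), rows in sorted(denied.items()):
        if len(rows) < threshold:
            continue  # below the (assumed) review threshold
        times = [datetime.fromisoformat(r["timestamp"]) for r in rows]
        findings.append({
            "user": user,
            "document": document,
            "attempts": len(rows),
            # Distinct devices and addresses show whether one machine is
            # retrying or the same account is being tried from several.
            "devices": sorted({r["device_id"] for r in rows}),
            "ips": sorted({r["ip"] for r in rows}),
            "first_seen": min(times).isoformat(),
            "last_seen": max(times).isoformat(),
        })
    return findings

if __name__ == "__main__":
    for finding in flag_denied_access(SAMPLE_LOG):
        print(finding)
```

Each finding groups the denied attempts with the device and IP address details the server logged, which is the information a service manager would review before deciding whether to disable access remotely.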