Secure your PDFs

As many of you hopefully know we can secure your PDF outputs from publisher. There was a question on the forum asking how it can be achieved - there are, of course, various ways.


The levels of security supported covered in the following graphic - for more details check the Adobe Reader/Acrobat help files and our of course.


PDFSec1:


You can see two password fields, the first prevents the document being opened the second prevents someone with the first password and Adobe Professional from changing the document. The changes are controlled by the following attributes in the graphic. You have complete control over the PDF outputs, but how do you achieve it?


E Business Suite Template Manager


In the template manager UI you'll see the configuration tab - this has the options above. They can be set at  template, data definition and site levels. The options will be laid out as above - if you want to secure a PDF output remember that you will need to set the 'Enable PDF Security' value to 'true.'


PeopleSoft and JD Edwards


For these apps you'll need to use the xdo.cfg file. This is an XML file that defines the security options. Check the user guide for details, the file will have the structure:


<config version="1.0.0"  xmlns="http://xmlns.oracle.com/oxp/config/">
    <!-- Properties -->
    <properties>
        <!-- System level properties -->
        <property name="system-temp-dir">c:/Temp</property>


        <!-- PDF security -->
        <property name="pdf-security">true</property>
        <property name="pdf-open-password">welcome</property>
        <property name="pdf-permissions-password">welcomeagain</property>
        <property name="pdf-no-printing">true</property>
        <property name="pdf-no-changing-the-document">true</property>
    </properties>
</config>


As you can see the passwords are going to be clear text - not great but you could argue that almost everyone will not have access to the config file. This file needs to sit under the JRE_TOP/lib directory on your web tier for publisher to find it.


BI Publisher Enterprise


The standalone release has very similar UI to the E Business Suite implementation - the security attributes are available at site and report levels.


RTF Template Method


There is another way to set these attributes via RTF template properties. In MSWord you can set custom properties for the document and we can use those to set the security attributes. Just define new attributes and prefix the property - take the property name and prefix it with 'xdo-' e.g. xdo-pdf-security


PDFSec2:


From the graphic you can see the custom properties Name and Values defined.


If you look at the  graphic the second property sets the password for the document:


Name: xdo-pdf-open-password
Value: {PASSWORD}


PASSWORD is actually an element value in the XML that can be retrieved at runtime and set as the document password. Again, clear text password in the XML data but you could have the XML swept away as soon as its been used.


Java API Method


Finally, if you are using the API to generate outputs you can set the security via an API call. Just about all of the document processing APIs have a setConfig method. This can be used to set the document security:

    // Set the security property
    Properties prop = new Properties();
    prop.put("pdf-security","true");
    prop.put("pdf-open-password","welcome");
    foProcessor.setConfig(prop);

In this case we have created a Properties object, loaded our security properties into it and then passed it to the processor API.


So, you can secure your PDF output - there are just multiple ways to do it.

Comments:

Tim I would also like to mention that Oracle Information Rights Management (IRM) can be integrated with BI to provide a much better and more secure solution to protecting your PDF exports. The password functionality within the PDF format on its own is pretty basic, Oracle IRM provides a much harder set of security with a centralized classification model that allows for a more enterprise approach to classifying and securing the data. More information can be found at http://blogs.oracle.com/irm/. Regards Simon Thorpe

Posted by Simon Thorpe on September 26, 2008 at 02:49 AM MDT #

We are able to set pdf security properties at oracle ebs level using xml publisher administration responsibility. But when we use Bursting part of it the pdf security goes of . We are in process of generating the HR letters for our organization for this pdf security is very much essential. Please suggest some work around.

Posted by Yogesh Pachpute on February 17, 2009 at 02:11 PM MST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Follow bipublisher on Twitter Find Us on Facebook BI Publisher Youtube ChannelDiscussion Forum

Join our BI Publisher community to get the most and keep updated with the latest news, How-to, Solutions! Share your feedback and let us hear your voice @bipublisher on Twitter, on our official Facebook page, and Youtube!

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today