An Oracle blog about BI Publisher

Secure your PDFs

As many of you hopefully know we can secure your PDF outputs from publisher. There was a question on the forum asking how it can be achieved - there are, of course, various ways.

The levels of security supported covered in the following graphic - for more details check the Adobe Reader/Acrobat help files and our of course.


You can see two password fields, the first prevents the document being opened the second prevents someone with the first password and Adobe Professional from changing the document. The changes are controlled by the following attributes in the graphic. You have complete control over the PDF outputs, but how do you achieve it?

E Business Suite Template Manager

In the template manager UI you'll see the configuration tab - this has the options above. They can be set at  template, data definition and site levels. The options will be laid out as above - if you want to secure a PDF output remember that you will need to set the 'Enable PDF Security' value to 'true.'

PeopleSoft and JD Edwards

For these apps you'll need to use the xdo.cfg file. This is an XML file that defines the security options. Check the user guide for details, the file will have the structure:

<config version="1.0.0"  xmlns="http://xmlns.oracle.com/oxp/config/">
    <!-- Properties -->
        <!-- System level properties -->
        <property name="system-temp-dir">c:/Temp</property>

        <!-- PDF security -->
        <property name="pdf-security">true</property>
        <property name="pdf-open-password">welcome</property>
        <property name="pdf-permissions-password">welcomeagain</property>
        <property name="pdf-no-printing">true</property>
        <property name="pdf-no-changing-the-document">true</property>

As you can see the passwords are going to be clear text - not great but you could argue that almost everyone will not have access to the config file. This file needs to sit under the JRE_TOP/lib directory on your web tier for publisher to find it.

BI Publisher Enterprise

The standalone release has very similar UI to the E Business Suite implementation - the security attributes are available at site and report levels.

RTF Template Method

There is another way to set these attributes via RTF template properties. In MSWord you can set custom properties for the document and we can use those to set the security attributes. Just define new attributes and prefix the property - take the property name and prefix it with 'xdo-' e.g. xdo-pdf-security


From the graphic you can see the custom properties Name and Values defined.

If you look at the  graphic the second property sets the password for the document:

Name: xdo-pdf-open-password

PASSWORD is actually an element value in the XML that can be retrieved at runtime and set as the document password. Again, clear text password in the XML data but you could have the XML swept away as soon as its been used.

Java API Method

Finally, if you are using the API to generate outputs you can set the security via an API call. Just about all of the document processing APIs have a setConfig method. This can be used to set the document security:

    // Set the security property
    Properties prop = new Properties();

In this case we have created a Properties object, loaded our security properties into it and then passed it to the processor API.

So, you can secure your PDF output - there are just multiple ways to do it.

Join the discussion

Comments ( 2 )
  • Simon Thorpe Friday, September 26, 2008
    I would also like to mention that Oracle Information Rights Management (IRM) can be integrated with BI to provide a much better and more secure solution to protecting your PDF exports. The password functionality within the PDF format on its own is pretty basic, Oracle IRM provides a much harder set of security with a centralized classification model that allows for a more enterprise approach to classifying and securing the data. More information can be found at http://blogs.oracle.com/irm/.
    Simon Thorpe
  • Yogesh Pachpute Tuesday, February 17, 2009
    We are able to set pdf security properties at oracle ebs level using xml publisher administration responsibility. But when we use Bursting part of it the pdf security goes of . We are in process of generating the HR letters for our organization for this pdf security is very much essential. Please suggest some work around.
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.