Skip navigation
Landim, Arthur
Currently Being Moderated

Unauthorized user removing policy from document

Apr 19, 2012 11:48 AM

Tags: #pdf #security #protection #rights #policy #rights_management #remove_policy #unauthorized_user

I'm facing a strange behavior in my environment.

I have a policy ("GDEHPolicyTest") which only the "SetPolTestUser" user can have access (open, close, print, etc). I also have another user ("SetPolTestUser2") which do not have access to documents protected with "GDEHPolicyTest" policy.

When I protect a document using the "SetPolTestUser" user and the policy "GDEHPolicyTest", the user "SetPolTestUser2" cannot open this document on Adobe Reader.

But when I call the following process on workbench using the "SetPolTestUser2" user with the previous protected document it runs with success and return an unprotected copy of the document. This user should not be able to remove the policy from that document.

 

process.PNG

 

See the Event page of that document:

auditing.PNG

 

Is there any way that I can prevent that happen? Because this a security issue.

 

* The same behavior happens if I call the webservice method "Remove Policy".

 

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points