Unauthorized user removing policy from document

Former Community Member

I'm facing strange behavior in my environment.

I have a policy ("GDEHPolicyTest") to which only the "SetPolTestUser" user has access (open, close, print, etc.). I also have another user ("SetPolTestUser2") who does not have access to documents protected with the "GDEHPolicyTest" policy.

When I protect a document using the "SetPolTestUser" user and the policy "GDEHPolicyTest", the user "SetPolTestUser2" cannot open this document in Adobe Reader.

But when I call the following process in Workbench using the "SetPolTestUser2" user with the previously protected document, it runs successfully and returns an unprotected copy of the document. This user should not be able to remove the policy from that document.

process.PNG

See the Event page of that document:

auditing.PNG

Is there any way that I can prevent that from happening? Because this is a security issue.

* The same behavior happens if I call the webservice method "Remove Policy".

0 Replies