0 Replies Latest reply on Apr 19, 2012 11:48 AM by Landim, Arthur

    Unauthorized user removing policy from document

    Landim, Arthur Level 1

      I'm facing a strange behavior in my environment.

      I have a policy ("GDEHPolicyTest") which only the "SetPolTestUser" user can have access (open, close, print, etc). I also have another user ("SetPolTestUser2") which do not have access to documents protected with "GDEHPolicyTest" policy.

      When I protect a document using the "SetPolTestUser" user and the policy "GDEHPolicyTest", the user "SetPolTestUser2" cannot open this document on Adobe Reader.

      But when I call the following process on workbench using the "SetPolTestUser2" user with the previous protected document it runs with success and return an unprotected copy of the document. This user should not be able to remove the policy from that document.




      See the Event page of that document:



      Is there any way that I can prevent that happen? Because this a security issue.


      * The same behavior happens if I call the webservice method "Remove Policy".