Confidential document

Similar Messages

• Making confidential document restriction

  Hi,
  We need to create a property for KM document: confidential. Whenever a document is created with this property, it has to be non-editable and cannot be copied for a certain layout set.
  We have a admin layout set and a enduser layout set.
  For enduser layout set these documents will be only for view. No operation can be made.
  How can we achieve this? Do we need any custom Repository service?
  Regards
  Arindam

  Hi
  Write a custom repository service for this folder and which reads the property "confidential". If the property is set the programatically change all the property of this folder.
  Thanks
  Puneet

• Restricted access to confidential documents in DMS

  Hello Gurus,
  Need your expert guidance on the following requirement.
  The requirement is to restrict the access of the document to users like Author, Reviewer and  Approver, for all the documents.
  I am confused which authorization object will work in my case and what settings I've to maintain for this.
  Authorization Object C_DRAW_BGR u2014 Authorization Group
  Authorization Object C_DRAW_DOK u2014 Document Access
  Authorization Object C_DRAW_TCD u2014 Activities for Documents
  Say I am having document types to us those are confidential.
  ABC (finance docs)
  LMN (Legal docs)
  XYZ (design docs)
  We want to allow only the users who are having below roles.
  DMS_APPROVER
  DMS_REVIEWER
  For rest of the user we don't want to allow change/display acccess to the above documents.
  Please guide me how to proceed, what need to be done.
  Regards,
  Ganesh

  Hello Ravindra/DMS Gurus,
  Sorry, but still my requirement is not met.
  Actually our business scenario is as below:
  Say there is a special document Type APR (Employee appraisal document)
  And for 5 different employee created (Authors) the document giving their self-inputs.
  Now these employee are assigned to say 3 different Supervisors (Reviewers) and one Manager (Approver)
  {Author; Reviewer and Approver are maintained in Additional Data of the document.}
  So each document will have a Reviewer and Approver assigned along with the Author.
  Our requirement is to restrict the access of these 5 documents to the Employees (Authors), so that none of these employee can view each others document. And allow display/change to respective Supervisor (Reviewer) and Manager (Approver) only.
  We need to restrict document access based on the above scenario
  After checking, I think using authorization object the above requiremment can not be met. Can we use any user exit?
  Your valuable comments are appreciated.
  Regards,
  Ganesh
  Edited by: ganesh sarasvati on Aug 12, 2010 5:35 PM
  Edited by: ganesh sarasvati on Aug 12, 2010 5:37 PM

• Confidential documents in KM: How to secure individual employee documents

  Hello KM experts!
  We store W2 documents that we get from a third party as pdf files in a folder in KM. There are a couple of thousand documents every year that we need to store in KM and make them available for employees. The file names are encrypted and consist of a bunch of numbers - you would not be able to tie a document to an employee by looking at the file name.
  The third party company sends us an index file that ties the document name to an employee number.
  We upload this index file to a custom table in SAP backend.
  We have developed a custom web dynpro application that looks up the employee number of the logged in user at runtime and then gets the associated documents from the custom table and displays the W2 statements for that user.
  This is all working according to user requirements.
  Here is our issue:
  The pdf files are all stored in one folder in KM that has read access for group everyone!
  We have disabled the standard navigation iView to ensure nobody can browse the KM folders but the documents itself are still not secure enough.
  One could still view somebody elses W2 statement by constructing the correct URL path - it would be tough getting a hit with the encrypted file names but still possible.
  Any idea on how we could secure the documents better?
  Uploading them to each users personal folder would be an idea but how to go about that? We would need for each year a folder in the personal folder of the user as users can filter W2 statements by year in the custom web dynpro application. In addition we would need to have a program that creates those year folders automatically and based on the index file puts the files into the correct personal folders.
  A quite crazy idea that I have is to create a service specific user and assign read access of the W2 folder and all pdf files to only that user. In the web dynpro application I would then access the pdf files only with that service user but I have no idea if that is even feasible.
  Sorry for the long description of the problem but any help is appreciated.
  I will surely reward points for useful and problem related answers - just dumping some help/SDN links that have nothing to do with the issue will not yield any points!
  Thanks,
  Harald

  Hi Harald,
  so you get as well from me a link at sdn.....
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/e2ddd63d-0b01-0010-46bb-e092790068cb
  it is a code sample for Implementing a Read-Only Security Manager.
  And don't forget to reward a lot of points.
  All joking aside.
  The main point is what you have mentioned: defining a repository with read permission to everybody means everybody can access the files even they doen't have a role with an Navigation iView. You can as well use Explorer do enter the WebDAV Url to this repository and everybody can access the pdf files.
  There are a few of conceptionals solutions for your issue.
  One solution could be to implement your own security manager. See the URL with a code sample. You have to assign this security manager to your repository instead of using the aclSecurityManager.
  Your own security manager has to read the portal user name, afterwords the employee numer of your W2 table and have a look in your W2 index table if the user is allowed to open the file.
  The advantage of implementing your own security manager is you can now use every portal / km service and iView. That means you can use TREX for indexing, your can use the KM Navigation iView and so on.
  The disadvantage: for every file in the repository the security manager will be called. That's why this coding (of your security manager) must have a (very) good performance.
  Best Regards
  Frank

• Best practice for securing confidential legal documents in DMS?

  We have a requirement to store confidential legal documents in DMS and are looking at options to secure access to those documents.  We are curious to know.  What is the best practice?  And how are other companies doing it?
  TIA,
  Margie
  Perrigo Co.

  Hi,
  The standard practice for such scenarios is to use 'authorization' concept.You can give every user to use authorization to create,change or display these confidential documents. In this way, you can control access authorization.SAP DMS system monitors how you work, and prevents you from displaying or changing originals if you do not have the required authorization.
  The below link will provide you with an improved understanding of authorization concept and its application in DMS
  http://help.sap.com/erp2005_ehp_04/helpdata/en/c1/1c24ac43c711d1893e0000e8323c4f/frameset.htm
  Regards,
  Pradeepkumar Haragoldavar

• How to restrict read access to certain document in stellent content server

  Hi,
  We are using stellent content server to store project documents. We would like to restrict access to certain confidential documents.
  Users with Read / Write permission should not be able to access but admins with RWDA permission should be able to access these confidential documents.
  Appreciate your inputs on this.
  Thanks,
  Nayana

  Without seeing your setup and environment its a bit hard..
  But...
  Make sure that user has read only access to public security group.
  You could setup an addition role with readOnly access and apply it those users.
  Or restrict there account to have Read only access.
  Remember if the user has Admin access on the Account but only readonly access on the security group then they will only have read only access on the files and visa versa.. :)
  J.
  Message was edited by:
  JRS

• Password protecting certain documents

  I have several documents I would like to password protect individually. Is this possible and if so, how?

  MS Office has it's own password protection built in.
  You set it through the Options button in the Save As dialog (v.X)
  It may be a different place if you are using a different version of Office, but you should be able to find it by looking in the Help.
  Other than that, I would second the suggestion to use a secure Disk Image.
  Open up /Applications/Utilities/DiskUtility
  In the help search for the page titled 'Protecting confidential documents in a secure disk image'

• How to password protect a numbers document

  I'm trying to figure out how to password protect a numbers document.
  My intention is to load this document onto a website, but only want authorized persons with the correct password to be able to access.
  Any ideas??
  Thanks

  bscaplan wrote:
  I am using Numbers 08
  And the Numbers User Guide, supplied with iWork '08, make no mention of password protection, which was introduced in Numbers '09.
  Looks like the best option is Wayne's second suggestion—open via File > Print > PDF > Open in Preview, then Save the resulting PDF document with encryption turned on.
  An alternate, if you want the recipients to receive a copy of the Numbers '08 file, and to be able to edit that file, you could enclose it in a secure disk image file.
  The basic procedure is to:
  Use Disk Utility to create a new, blank, sparse disk image, assign a password and save.
  Double-click the .dmg file (and enter the password when requested) to mount the disk image on your desktop, then Save a copy of your file to the (open) disk image.
  When done, eject the image, and upload the (encrypted) .dmg file to the website.
  Detailed instructions may be found in Disk Utility's Help files.
  Launch DU (found in the Utilities folder in Applications), click the Help menu and choose Disk Utility help.
  Go to the index, scroll to and click Security, then click a title similar to "Protecting confidential documents in a secure disk image." (a search on 'confidential' should also take you to a list containing that title.)
  My version of DU is old enough that sparse images hadn't been introduced, or I'd post a copy of the article here.
  Regards,
  Barry

• Document Level Header Scripts

  Hello -
  I am looking for any assistance you may have.  I am working on a project in Acrobat Professional 7.0 that requires me to add the computer username to the header of a pdf file.  I have determined, and implemented this in Excel files using an onopen event.  I need to do the same thing but in a pdf file.  I have absolutely no javascripting experience so the more basic your explanation the better.
  After reading up on the internet, I believe that I need a document level script?  I found an example that is:
  this.addwatermarkfromtext({
  ctext: "Confidential Document",
  ntextalign: 2,
  nhorizalign: 2,
  nvertalign: 0,
  nhorizvalue: -72,
  nvertvalue: -72,
  I entered that under Advanced, Javascript, Document Javascript but I receive an error that says typeerror: this.addwatermarkfromtext is not a function.  Again, I would need to change it to pull the username (I am assuming I can do this with a variable?).  I appreciate any and all help.
  Thanks in advance for your time.

  Thanks for the quick response.  Here is my situation.  The pdf file contains highly confidential information.  I want to email it out and have the username automatically appear in the header or footer so everyone is aware of who printed the copy.
  If, according to your last post, cannot assign that to the document level then must that be applied on everyone's computer?  Please note that I am the only one with Professional.  All users will be using the Reader only.
  Thanks again for all of your assistance.  It is greatly appreciated.

• How to modify edit/read mode pop up for documents in "SP2013" to open in only read only mode

  Hi,
  When opening a document the users of my site and including me are getting a pop up asking to open it in read only or edit mode. We want to disable the edit option for end users. Those are confidential doc's. 
  We want them to open only in read only mode. How can it be achieved.
  Can we FORCE a read-only open of the document without giving anyone the option to open in edit mode? I don't have access to Central Admin. Hence kindly let me know if there is some javascript
  code that i can use to do this from browser.
  thank you !

  Hi Prajk,
  If users have edit permission on the documents in this library, even if we disable this dialog (by disabling the add-on "SharePoint OpenDocuements class" from IE browser), the users sitll could download the documents to local machine, and
  edit the documents in client Office application, then sync to library.
  If you want the users to read these confidential documents only, you can only grant the users read-only permission on the document items or on library level, then they could unable to edit these confidential docs, note to give proper users
  proper permissions.
  If you also want that the confidential docs could be opend and read-only in client Office application, you can configure the IRM (implemented by RMS) for SharePoint server, then set the document items in the library read-only for
  some users.
  https://technet.microsoft.com/en-us/library/hh545607%28v=office.14%29.aspx?f=255&MSPPError=-2147217396
  https://support.office.com/en-in/article/Apply-Information-Rights-Management-to-a-list-or-library-6714cfe3-ef39-43b0-bb65-a887726bb63c?CorrelationId=ebcf6a01-1d3c-4b75-86ae-c11322065be6&ui=en-US&rs=en-IN&ad=IN
  Thanks
  Daniel Yang
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Print "Confidential" mark on all docs (required for SOX audit)

  Hi All.
  Problem: In order to comply with Sarbanes-Oxley Act I need to implement possibility to print "Confidential" mark for any user chosen document (on every page).
  Partially this was implemented by setting footnote in SAP printer driver. But this isn't usable all the time (especially with ALV-lists).
  There are 3 SAP notes:
  895029 - Let MIC report output watermark
  371854 - SAP Query: Printing in the SAP List Viewer (ALV)
  756650 - Footer in the print dialog
  But first one is about standard header. Second one looks is what I need, but it also does not cover all documents. Third is for future releases.
  I found that there is special Sarbanes-Oxley Compliance Software for SAP ERP. And I wonder if it covers also print issue:
  680615 - Installing SAP CM SOA Release 1.0
  Best solution would be to have a checkbox, which user can check while printing confidential documents.
  I do not believe that nobody faced with the same problem while preparing to SOX audit. Is there a standard solution?
  Thanks to all.
  Message was edited by:
          Andrei Balashchanka

  If someone interested here is SAPs reply for my problem:
  "Setting a footline for printing in the ALV lists is not possible.
  However as a workaround you are able to design the areas above and
  below the ALV output with various elements. In your business case (if I
  understood your business requirements correctly) you need to output a
  text/a mark at the top/at the bottom of every printed page -> in order
  to implement this you would have to implement handling for either the
  TOP_OF_PAGE or the END_OF_PAGE events as in ALV the page headers and
  footers are events.
  If ALV determines that there is a page break when generating the
  printout, the END_OF_PAGE or TOP_OF_PAGE event is triggered. ALV checks
  whether a design object is defined for this event and inserts at the
  correct position e.g. when you use the event print_end_of_page to output
  text with the WRITE statement during print output. The text is inserted
  at the end of each page. During print output, the ALV Grid Control goes
  to the list output of the classic ALV. In the print preview (classic
  ALV), the text for this event is not displayed. Demo program
  BCALV_GRID_01 in development class SLIS illustrates how the
  print_end_of_page is used. To allow output at the end of each page, you
  must reserve several lines for these pages. To do this, use field
  reservelns of a structure of type lvc_s_prnt and pass this structure
  with method set_table_for_first_display.
  For an overview see also the documentation for the events of class
  CL_GUI_ALV_GRID."

• Restrict sensitive document leakage from Printing, "Save as", Copying and Priting screen?

  Our President highly suspected some of our staff who have sold the confidential documents to competitors but we do not have enough proof. How can we restrict sensitive data leakage from Printing, "Save as", Copying and Priting screen?
  Thank you for your advice in advance.

  Adobe LiveCycle Rights Management can apply DRM to a PDF file, which prevents printing and content extraction, and links access to the document to a user login - but there is no way to prevent that user saving a copy of the file to disk or a USB drive, or making multiple copies, no from telling someone else their login details. You can revoke access remotely if you suspect a copy has been stolen, but there's no DRM solution for PDF files which can lock the content to a hardware platform, for example in the way a copy of Windows "activates" itself. Opening and copying a file are two entirely-different concepts, and if a LCDRM-encrypted file is published to the Web without the login details to open it, we can be absolutely certain it cannot be cracked as the encryption hashes used by Adobe are so complex they would take billions of years to break, even with government-level resources. Naturally if a user reveals their login details to someone, LiveCycle's audit trail will prove this and you can take legal action against that user, but they may not care if the document has sufficient value.
  Using PDF there is no way to block access to the Print Screen button. Some third-party software converts the PDF into a proprietary file format which only opens in their own software, that in turn attempts to block the print screen keystroke, but it's not hack-proof and the resulting file is of course no longer a PDF. Ultimately if you can see something on screen you can always copy it, either by use of a custom display driver, remote-desktop system or photographing the screen with a cellphone camera, and re-OCRing the pages from those photos.
  Where documents are sufficiently-important to require a guarantee that on-screen reading is the only possible thing a user can do once the file is opened, they should be restricted to using hardware in secured locations, where network access, printers, USB ports etc. can all be removed. This is the approach taken by many enterprise and public-sector agencies; but once a document is distributed to an unregulated location there will always be a way around copy protection on page content if a user can open the file and view it on screen. While there are some interactive page elements in PDF which are harder to "screen scrape" than others (SWF, video and 3D), it can be done. The only elements of a PDF file which can be guaranteed secure even in an unsecure location are invisible features such as scripts when the PDF is protected using LCDRM to ensure it cannot be opened in third-party software.

• Is there a way to avoid a iPlanet Messaging Express home user to copy from the email message ( email content ) body and paste on to a local place( it Hard disk, for an ex )?

  Is there a way to avoid a iPlanet Messaging Express home user to copy and paste email body content and avoid attachment deliver attempts?Cause this could grant home users to take ownership of enterprise's documents, sending to them selves and after that, in their own homes, they access Messaging Express, recieve their email with the forbbiden content and then copy and paste to it's own's hard disk.

  It may be possible, but then what would prevent the user from running a "screen grabber" to capture the data. The underlying question that you need to ask is, "Who can you trust?" If you're concerned about confidential documents being stolen/disclosed, then that is where your security starts. If someone can't access a document, they can't E-mail it or transport it elsewhere. Who says they can only use E-mail? Using ftp is more efficient, or a floppy/Zip/Jazz drive could also be used. Trying to "secure" the E-mail client would be like plugging a single hole in a water pipe full of leaks. You have to shut off the water at the source.

• HP Color LaserJet CM2320nf MP scanning to a PDF

  I  have a HP Color LaserJet CM2320nf MP in my classroom. I need to to be able to scan to a PDF for my confidential documents. I have tried unistalling, reinstalling, setting up printing preferences, updating adobe, and using a different computer.It has previously worked on this computer until I had to reimage it. The only options it gives me for scanning is TIFF, JPEG, PNG, and BMP.
  Thanks!

  Hello  @ssoileau , and welcome to the HP Forums.
  I am sorry, but to get your issue more exposure I would suggest posting it in the commercial forums since this is a commercial product. You can do this at HP Commercial LaserJet Forums.
  I hope this helps!
  Please click “Accept as Solution " if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos, Thumbs Up" on the right to say “Thanks" for helping!
  Jamieson
  I work on behalf of HP
  "Remember, I'm pulling for you, we're all in this together!" - Red Green.

• Content Server Installed but doesnt respond

  Hi,
      I have installed the Content server on Win2K3 as given in the installation guide.I have installed for file storage on the file system.
      After installation i got the message that everything is ok.But then when i execute the command
  http://<server>:<port>/ContentServer/ContentServer.dll?serverInfo
      I get the response as page cannot be displayed.I want to use the content server for DMS storage so that i can use KPro instead of the vault.
      Same thing when i do
  http://<server>:<port>/
      I get a pop-up asking for the user-name and password but when i give the user name as administrator and password it doesnt allow access.
      Please advise
  Regards
  Ankan Majumdar

  Note Number : 361123
  Symptom
  You want the SAP Content server to work properly.
  Other terms
  Signed URLs, AdminSecurity, SsfVerify failed
  Reason and Prerequisites
  The SAP Content Server was installed in accordance with the installation guide. For new installations, we recommend that you use the latest released version of the SAP Content Server, regardless of the SAP System release to which the SAP Content Server is connected.
  Solution
  This note provides additional information on different aspects of security when using the SAP Content Server.
  Security against data loss
  •     The SAP server content stores the contents of the confidential document either in an SAP-DB instance or in the file system. To avoid data loss, the usual measures for databases and file systems are taken. These are only mentioned briefly here: Redundant hardware (mirror disks, raid systems and so on), regular backup (log files, backup). When you back-up the Content Server, note that you also have to save the ContentServer.ini configuration file as well as the Security directory in addition to backing up the database instance or the directories of the file system used for document content.
  •     Note 319332 describes backup strategies for a Content Server with database folders.
  •     SAP does not have a tool for backing up file system folders. In this case it is the responsibility of the customer to select and convert the backup strategy. Here you should note that, for a complete and consistent backup of a file system folder, it may be necessary to shut down the Content Server for the duration of the backup.
  Security against unauthorized accesses on filed contents
  •     Before you access the content server, an authorization check usually occurs in the SAP system. However, the content server is usually accessed using a disclosed HTTP log. To make sure that only authorized accesses are possible, 'signed URLs' must be used. Signed URLs are URLs that were signed by the SAP system. You can recognize signed URLs because they are considerably longer than unsigned URLs and contain additional parameters. The signed URL, in particular, contains the additional parameters expiration (expiry time) and secKey (digital signature). A signed URL is only valid if the expiry time has not yet been exceeded and if it contains a valid signature. In order that the signature can be checked by the content server, the public key (certificate) of the SAP system must be stored on the content server and tagged for the corresponding repository. Transactions OAHT, OAC0 (as of 4.6C) and CSADMIN (as of 4.6C for SAP content server) are used to transfer the certificate. The certificate must be activated on the content server for the repository. Use CSADMIN to do this (for SAP Content server).
  •     In order that the digital signature of the SAP system can be used properly, EVERY SAP system must have its own unique certificate. To ensure this, a 'PSE' must be generated once in every SAP system after this SAP system is developed. Use transaction PSEMAINT to do this (note 354819).
  •     To protect the connection between the Content Server and its SAP-DB instance, the name and password of the database user can be changed and stored in encrypted format in the configuration of the content server. For details, see note 661852.
  Access control for the administration
  •     The content server is partly administered from within the SAP system, and partly from outside it. When it is administered from outside, you must ensure that only authorized persons have (administrative) access to the server on which the content server is running. The (administrative) access to the database (note 212394) must be restricted accordingly.
  •     In order that administrative accesses from the SAP system are only possible for authorized persons, the parameter AdminSecurity must be set to 1 in the content server. You will find details on this in the installation documentation of the SAP Content Server.
  Protection against server hardware outage
  •     The Windows version of the SAP Content Server can also be installed in an MSCS environment (Microsoft Cluster Server). For more detailed information, see "SAP Content Server 6.20 in an MSCS Environment", dated March 4, 2003, in the "News" section on the SAP Service Marketplace (http://service.sap.com/ha
  •     The duration of the non-availability of content servers, cache servers and alias servers can be reduced with the automated operator intervention described in note 484459.