Document Permissions Question

Similar Messages

• Firefox's pdf.js completely ignores PDF document permissions.

  Firefox's new JavaScript PDF Viewer pdf.js is really a disaster.
  It completely ignores PDF document permissions set by Acrobat Professional and so on.
  With Firefox's pdf.js people can freely print any PDF and copy the texts and images.
  This was reported as a bug in bugzilla@mozilla but it seems that it is going to be fixed soon.
  Bug 792816 - pdf.js doesn't respect document permissions
  https://bugzilla.mozilla.org/show_bug.cgi?id=792816
  Bug 845302 - Firefox 19.0 pdf viewer ignores pdf encryption
  https://bugzilla.mozilla.org/show_bug.cgi?id=845302
  Does nobody in Adobe voice one's disagreement about this?

  This isn't a new issue - most of the third-party PDF reading applications have been ignoring the permissions headers in a PDF for years, and some claim it's perfectly valid for a user to be able to override password-based restrictions on copying/printing under 'fair use'. Adobe disagrees, as do I, but the nature of the PDF document structure means that it's trivial for any application to ignore those restrictions. You certainly don't need the password. Acrobat warns you the first time you use the Protection tools that  Adobe always respects the permissions you set even if other vendors choose not to.
  As has been said many times; the only way to truly secure the content of a PDF file against printing or copying is to use LiveCycle digital rights management, as that forces the PDF to be opened in Adobe software and nothing else. If you cannot afford LCDRM, you have to accept that your 'secured' PDFs are anything but.

• Reader X – Document permissions problem

  I have a problem with Adobe Reader X and a reader plugin which provides a custom security handler. Well, the SDK Version of this plugin is rather old, but worked till the latest Adobe Reader 9 version.
  Most of the functions still work (plugin can be loaded, callbacks are ok, reader enabling accepted), except the security permissions.
  The weird thing is that the security properties of the encrypted document shows that I’m allowed to to print or comment, fill in forms etc, but no menu entry or buttons are available (greyed out) in the reader.
  Some debugging of the plugin didn’t show anything suspicious, even after returning only “pdPermAll” in every security handler callbacks the reader won’t enable the functions.
  For me it looks like a bug in the reader X, because of the difference between the shown security settings and the real behavior.
  Or does anyone know about a API change, so that the old, simple version of the security handler is missing something?
  Adobe Reader X (10.0 and 10.0.1)
  Windows XP SP3 ( on 2 different machines)

  Post your question in the forum for Acrobat SDK.

• SharePoint Document Permissions?

  I have a (what I thought is a simple task):
  I would like to set permissions on my SharePoint 2013 on-premise as follows:
   1. Each department has its own site (e.g Finance, HR, Admin etc)
   2. I would like all Staff to be able to browse to each department site
   3. The documents library should be accessible to members of the department in question
   4. The files/folders in the document library should have List only access to all other
  staff except if a particular file/folder has been explicitly shared with them.
  Sounds simple right? Here's the problem I have:
  Number 1 is done
  Number 2 is done
  Number 3 is done
  Number 4 I have managed to do by granting View Only access to everyone and Read access to the Departmental members as needed.
  I am not sure this is the best way to do it but it seems to work. Staff that are not members of the department can access the site, see the list of files but cant open them.
  However.... I also have Office Web Apps and if they click the file it shows the contents of the file in Office Web Apps which is pointless if you don't want them to see the contents.
  Prime example would be HR site. They have some very sensitive documents that should not be seen by non HR staff but other documents that they wish to share, should be open to all staff. I don't wish to have separate Document Libraries.
  How can I achieve this seemingly simple task??
  Thanks

  Hi Paul - I have just tested that exact scenario you suggested again as I was hoping I had done something wrong in my previous testing and that it was in fact that simple.
  Here's my problem though, but first the steps I followed so you can tell me if I did anything wrong:
  1) Stop inheriting permissions on Document Library
  2) Remove groups (other than admin type groups) from Document Library
  3) Login with normal user (Lets call him Bob)  - he cant see (hence browse) the Document Library at all and gets a permission denied when explicitly browsing to the Document Library URL.
  4) Create a test Word file under root of Document Library - called Wordtest1.docx
  5) Create a test Folder under root of Document Library and inside that folder create a second test Word file called Wordtest2.docx
  6) Share the root Testword1.docx file with Bob. Bob can open this file via direct URL but cant browse the file because the Document Library URL still shows as no permission.
  7) If I change the permission on the Document Library to allow "View" access then he can browse the files....but then via Office Web Apps he can also see inside every single document in the Document Library (even those not shared with him) which
  is pointless.
  8) PS: The reason I created the folder structure in point 5 above is that I found that if I have the Document Library as a web part on the main page of the Department site, I can see the file that has been shared with me. Yay. But if I share the file that
  is in a folder within the Document library that file does not display and hence I cant see it or browse to it. F%$#
  I really hope you can show me the error of my ways but I just cant see how I can achieve this which puts my whole SharePoint roll-out in huge jeopardy.
  eim-operator - with regards the "shared with me" option on their personal page, correct me if I am wrong but this needs to be an additional 3rd party app as its not currently available on a Sharepoint on-premise solution, right?

• How do document permissions differ from its document library and a content roll-up webpart?

  I have an excel spreadsheet (a group schedule), in a document folder, on a page that only IT management can see/access/edit, in a site that all IT group members have access to.
       for example: http://IT Group site/IT Management Page/Schedule/2015.xlsx
  On the group's homepage, I have a content roll-up web part that displays all document library contents in the group site.
  IT management consists of 3 people. They can all edit the spreadsheet from the original location, but when they access the document from the content roll-up web part on the group's homepage, they cannot save any changes.
       Accessing the file from here: http://IT Group site - content roll-up web part link "2015.xlsx" points to "IT Group site/IT Management Page/Schedule/2015.xlsx"
  The error received says "'http://IT Group site/IT Management Page/Schedule/2015.xlsx' is read-only. To save a copy, click OK, then give the workbook a new name in the Save As dialog box."
  Where would the permission issue be?
  As the SharePoint site owner, I can access the file without any problems saving from either location. Also, I created an IT Management group that has full control over the IT Group site/IT Management Page, and full control over the IT Group site.
  Thanks for any info you can share.
  Stephanie

  Thanks Cameron -
  I have no special settings on the document library where the schedule is saved. No content approval necessary or different permissions. The library is set to open documents in client application, and check-in, check out is not activated.
  I have logged in to one of their computers. They can access the spreadsheet directly from the document library and make changes freely, and save that version directly to the server, but not from any web parts. Just to test, I created a summary link web part
  on the same page that lists the document library, created a link to the file, and the file opens, but they cannot save any changes without renaming the file. The only place they can truly edit the spreadsheet without renaming is from the document library
  directly.

• Index and document name question

  First of all, thanks for an XML database that actually works. After trying multiple other DBs, I was finally able to insert my 100000 XML documents and it worked.
  I inserted all the documents using dbxml_load_container which uses the filename and DBXML_GEN_NAME and inserts it to the container.
  Now for my purpose I will always query a specific document by its name which would be something like:
  $query = "collection('exampleData.dbxml')/*"/*[dbxml:metadata('dbxml:name')=somename]";
  (correct me if the query is wrong).
  Do I need to create any sort of indexes or anything for such queries? I will never query the container based on some attribute or node value or anything.
  Thank you.

  Hi
  Do I need to create any sort of indexes or anything for such queries? I will never query the >container based on some attribute or node value or anything.
  unique-node-metadata-equality-string for node {http://www.sleepycat.com/2002/dbxml}:nameYou do not need an index on the document names, as Berkeley DB creates the above index for you.
  A query like this will use the index:
  query 'doc("emp1/dbxml_9")/employee'
  Let us know if you have further questions.
  Ron

• Repair Disk Permissions question...

  I keep getting this after I repair disk permissions :
  "Permissions differ on "System/Library/LaunchDaemons/com.apple.usbmuxd.plist", should be -rw-r--r-- , they are -rwxr-xr-x .
  Warning: SUID file "System/Library/CoreServices/Finder.app/Contents/Resources/OwnerGroupTool" has been modified and will not be repaired.
  Group differs on "private/etc/cups", should be 0, group is 26.
  Permissions differ on "private/var/spool/cups/cache/rss", should be drwxr-xr-x , they are drwxrwxr-x ."
  Can someone please tell me what this means?...and especially the Warning: SUID...something modified and will not be repaired?...is this something I should be concerned about?...
  Wasn't sure where to put this question...if it's in the wrong place please tell me and i'll post it elsewhere...
  Thanks for help in advance...
  M
  Message was edited by: Morris Taub
  Message was edited by: Morris Taub

  Hi Morris,
  Here's the Apple article on the subject:
  http://support.apple.com/kb/TS1448
  Apparently it is not a problem. Mine started giving these after the 10.5.5 update.

• Document Center Question

  I have posted this question in the Document Center forum, but given that it seems nobody is present there I will post it here.
  It is my understanding that Acrobat.com is for Adobe forms and Document Center is meant for LiveCycle.  I signed up for the DC, but would now like to disable, or unsubscribe, from that site.  Who can I go to?  Like I said, my post on that forum is still there from several days ago, so it does not appear that anyone is paying attention.  I have a business to run and can't mess around trying to get something to work that is not in full operation.  I will stick with Acrobat.com, but want to get rid of the DC.  Does any moderator here have a constructive suggestion?  Thanks.

  Thank you; much appreciated.  I suppose it is a case of realy not understanding how the different applications can be used.  Even though there are many tutorials on the subjects, it is still confusing.  People such as myself who are simply trying to build paperless systems need to be able to trust that what the programs say they will do will actually work without a lot of hassle.  From reading the many posts here, and elsewhere, it is apparent that glitches are the norm, and cause a loss of trust.  Easier to work with a pencil and paper in that case.
  Cheers.

• DBA Studio / Permissions question

  Sorry to ask this here, but I couldn't figure out the relevant forum and this one looked busy.
  I am trying to use DBA Studio to grant permissions on tables, etc. I can't seem to create a connection that has permissions to grant priviliges to objects not owned by the connection. For example, when connected to DBA studio with the SYSTEM account, I am not able to assign select for BDMS objects to the BDMS_ALL account.
  Is there any way to grant priviliges to SYSTEM or any other account where I can assign security permissions to objects owned by another user? I am going to write a permissions management application and would greatly prefer not having to create multiple connections / logons to set permissions.
  Matthew Cromer

  Though i could not understand u r problem properly, but i am sure that if u use the 'system' account with loged in as a 'sysdba' not a normal user, u could be able to give the previleges on any obkect to any user.
  santosh.
  for anyfurther questions contact
  [email protected]
  <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by sdaconsulting:
  Sorry to ask this here, but I couldn't figure out the relevant forum and this one looked busy.
  I am trying to use DBA Studio to grant permissions on tables, etc. I can't seem to create a connection that has permissions to grant priviliges to objects not owned by the connection. For example, when connected to DBA studio with the SYSTEM account, I am not able to assign select for BDMS objects to the BDMS_ALL account.
  Is there any way to grant priviliges to SYSTEM or any other account where I can assign security permissions to objects owned by another user? I am going to write a permissions management application and would greatly prefer not having to create multiple connections / logons to set permissions.
  Matthew Cromer<HR></BLOCKQUOTE>
  null

• Rights managment off line permit question

  I set a policy to allow off line for 2 days as well as an off line permit for a group with in the policy. Then I opened it and checked the policy, and found it set correctly. When I tried to open it again off line it gave me a message that the computer must be connected to the Internet to open the document. What did I do wrong??

  For a document to be opened offline, a "Principal Key" for the user who has "offline" permissions is required on the client system that is being used to view the document.
  If the document has been opened while online, then the synchronization should be occurring in the background.  If the document has never been opened, and no synchronization (of principal keys) has occurred, then the document will not open offline.  Each time a connection is established between Acrobat or Reader with the Rights Management server, the client should synchronize with the server and get any principal keys that related to documents that the user has offline permissions.
  Try forcing a synchronization, from Acrobat select Advanced > Security > Adobe LiveCycle Rights Management > Synchronize for Offline.  If you are using Reader, select Document > Security > Adobe LiveCycle Rights Management > Synchronize for Offline
  Regards
  Steve

• Document permissions problem in Reader X

  Already postet in Reader Forum, but got a reply that I should post it here.
  I have a problem with Adobe Reader X and a reader plugin which provides a custom security handler. Well, the SDK Version of this plugin is rather old, but worked till the latest Adobe Reader 9 version.
  Most of the functions still work (plugin can be loaded, callbacks are ok, reader enabling accepted), except the security permissions.
  The weird thing is that the security properties of the encrypted document shows that I’m allowed to to print or comment, fill in forms etc, but no menu entry or button is available (greyed out) in the reader.
  Some debugging of the plugin didn’t show anything suspicious, even after returning only “pdPermAll” in every security handler callbacks the reader won’t enable the functions.
  For me it looks like a bug in the reader X, because of the difference between the shown security settings and the real behavior.
  Or does anyone know about a API change, so that the old, simple version of the security handler is missing something?
  Adobe Reader X (10.0 and 10.0.1)
  Windows XP SP3 ( on 2 different machines)
  Adobe Acrobat 7 on Vista used for encryption

  Since you have a Reader Integration Key, to be able to develop plugins for Reader, then you also have a developer account with Adobe.  I recommend that you file a formal support case including a copy of your plugin and all relevant details.

• Disk utility permissions question

  Hello,
  I am VERY happy with my Mac. However, since installing OS10.5 (upgrade from my 10.4) whenever I used my Disk Utility to repair permissions, I get a HUGE list of repairs. Every time I used the Utility, it comes up with this huge list that, as far as I can tell, is all the same.
  So my question is, is it actually repairing the permissions?
  I've never had this happen on my previous OS. If something showed up, it repaired it and then, when I run the utility again, it shows that all is well and no repairs are necessary.
  Can anyone help me? I have also been having problems with my Toast Titanium 10 and my MOTU Digital Performer 5 since my OS upgrade.
  I took a screen shot of my Utility permissions after it's been run. I could send that to you if you would need to see it.
  Thank you for all your help!!!!!!!!!!!!

  Welcome to Apple Discussions:
  It's always good to search first.
  Check this thread for starters:
  http://discussions.apple.com/thread.jspa?messageID=9422112&#9422112

• Restore and Permissions Questions

  I'm wondering what my restore options are going alllow me to do. Let me elaborate on my situation and it might reveal why I am posting a new topic.
  I bought my macbook pro used, and it came with ilife and mac office installed. I used time machine to back up this OSX partition. The macbook pro is working perfectly, but small ghosts from the previous owner are bothering me.
  When I received the macbook pro, I changed the user name and password. I logged out and came back in as my newly created identity to find that my home folder in finder was still the previous user account. It had created a new home folder for the user I created, but the "default" home folder was still set to the previous user. Looking in User Accounts, that previous user name isnt listed, yet I noticed in Activity Monitor that all the applications are being launched as that previous user account.
  Its these ghosts that make me want to reformat for my piece of mind. My question is can I use Time Machine to preserve the software like ilife and mac office onto my new installation? Furthermore, will time machine handle reassigning the permissions from the old file system to the new? Or am I stuck with this previous owner's info?

  I'm not sure what's going on, but if there's no "macpro" in the NetInfo database, then you've already changed something around when you tried renaming the accounts. Not being able to "see" what's there makes it difficult for me to know how to proceed. I'm not confident that what I may suggest will be correct without looking into these accounts which I can't really do under the circumstances.
  The only sure thing I can recommend is erasing the drive and starting over from scratch, but I don't know if that's feasible for you to do. If not, then you could reinstall OS X doing an Archive and Install which doesn't require erasing the drive:
  How to Perform an Archive and Install
  1. Be sure to use Disk Utility first to repair the disk before performing the Archive and Install.
  Repairing the Hard Drive and Permissions
  Boot from your OS X Installer disc. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Installer menu (Utilities menu for Tiger.) After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the the left side list. In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive. If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry,) click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors are reported, then quit DU and return to the installer.
  If DU reports errors it cannot fix, then you will need Disk Warrior (4.0 for Tiger) and/or TechTool Pro (4.5.2 for Tiger) to repair the drive. If you don't have either of them or if neither of them can fix the drive, then you will need to reformat the drive and reinstall OS X.
  2. Do not proceed with an Archive and Install if DU reports errors it cannot fix. In that case use Disk Warrior and/or TechTool Pro to repair the hard drive. If neither can repair the drive, then you will have to erase the drive and reinstall from scratch.
  3. Boot from your OS X Installer disc. After the installer loads select your language and click on the Continue button. When you reach the screen to select a destination drive click once on the destination drive then click on the Option button. Select the Archive and Install option. You have an option to preserve users and network preferences. Only select this option if you are sure you have no corrupted files in your user accounts. Otherwise leave this option unchecked. Click on the OK button and continue with the OS X Installation.
  4. Upon completion of the Archive and Install you will have a Previous System Folder in the root directory. You should retain the PSF until you are sure you do not need to manually transfer any items from the PSF to your newly installed system.
  5. After moving any items you want to keep from the PSF you should delete it. You can back it up if you prefer, but you must delete it from the hard drive.
  6. You can now download a Combo Updater directly from Apple's download site to update your new system to the desired version as well as install any security or other updates. You can also do this using Software Update.

• Keychain Slash Permissions Question

  Hello;
  I am learning about my Keychain application and I need help to understand what it is I am looking at.
  I have Keychain open with the "Show Keychain" button activated, and I have activated both "Search for .Mac Certificates" and "Search Directory Services for Certificates" in the Keychain preferences, and both those icons are visible in my Keychain listings, but they (the locks) are both shadowed over and cannot be unlocked.
  Question:
  Am I not supposed to have access to those 2 icons, such that they are supposed to be locked and shadowed over, or should I have the option to unlock those icons?
  And a broader question:
  Are there any ownership permissions in a mac that the user/mac owner may never change/access/or alter the permissions to, or is every permission and/or ownership technically changeable or alterable by the mac (admin and/or root) user?
  Thanks,
  Damon
  Dual 2.5 Ghz PowerPC G5 & Macbook 2 GHZ Intel Core 2 Duo Mac OS X (10.4.9)
  Dual 2.5 Ghz PowerPC G5
  Dual 2.5 Ghz PowerPC G5 Mac OS X (10.4.9)
  Dual 2.5 Ghz PowerPC G5    

  And if I may ask;
  How might I get mac in a position where I have full access to all the privileges and ownerships?
  I have reinstalled and erased and reinstalled more times than I can count and to no avail. When I reinstall OSX over my current installation, preserving the user settings, then going for a clean install, the install process always quits due to an error.
  I downloaded that Clix Unix application and and ran the show firmware password script, this is what was revealed - ÄÅÄÏ
  show OF password
  echo -e `nvram -p | grep password | awk '{ print $2 }' | sed s/\%/'\\\x'/g`
  ÄÅÄÏ
  How did it get there? I cannot say for sure, but I am on a family network and there was at least 1 windows machine that needed a serious cleansing.
  But any who, I am unable to reinstall OSX such that ÄÅÄÏ and all its buddy code does not simply reappear after the reinstall.
  Or rather, how do I go about removing ÄÅÄÏ from my computer?
  And I should mention, the same ÄÅÄÏ is in both my macs. The second of which was ÄÅÄÏ-ed right after purchased new and hooked into my family network, which has also been examined by tech people and found to be clean and not compromised, leaving me to presume that whatever allowed ÄÅÄÏ into my macs was allowed there by someone much more technically advanced than most.
  So I got ÄÅÄÏ in both my G5 and my new powerbook. How to I help my macs recover from severe trauma and victimization?
  Blessings,
  Damon Feels Rooted
  In the immortal words of Mr. William Campbell, President of Philip Morris USA, "I believe nicotine is not addictive, yes."
  Dual 2.5 Ghz PowerPC G5

• Defining Ownership & Permissions Questions

  Is there any help/knowledge document that explains what all the arcane terminology of the Ownership and Permissions boxes include? I'm a little fuzzy on how all that stuff works, such as the differences between "Owner," "Group," "Other," etc. As curiosity, I'd love to know what "amavisd," "nobody," "nogroup," etc. etc. etc. means.
  I own a couple of macs (desktop and laptop), and now have other people using them sometime (mostly my kids), and just would like to know how these things work, but I can't find any knowledgebase information other than the basic "this is how to set your ownerships" article.
  Thanks,
  Mark

  In a nutshell:
  Every file and folder has an owner. Pretty much everything in your home folder is owned by you. By default, any files that are created by you are owned by you and you have read and write permission to them.
  In addition to the ownership, there is a "group" setting for every file or folder. The group setting is handy if you run multiple users and you want to create a custom group with special file permissions for the purpose of sharing files. When you create a new file or folder, the system looks at the group of the enclosing file or folder and assigns that group to the privileges of the new file/folder. But by default, the group permissions on new files created by you are read-only. To change the group name or group permissions to "read and write" or "no access" you must do that manually.
  There is also a third setting, for "others". This is read-only for new files. If you want to set Read & Write or No Access, you have to change it manually.
  As for the users "mailman, nobody", and the groups "wheel, jabber" etc., you can just ignore them. They are used for internal OS X process and you needn't concern yourself with them.