In this guide you’ll learn how to secure PDF and Microsoft Office files using the SharePoint user interface (UI). Examples of securing a documents in SharePoint include disabling printing and restricting the ability to select or copy a document's text.
In addition you can add user-specific watermarks to documents in real-time (the moment a file is downloaded or accessed). It’s important to note that all watermarks must be applied to a document before they are secured.
You can perform the following to the document using this feature:
- Apply security to MS Word, MS Excel, MS PowerPoint and PDF Files.
- Apply security after user specific watermarks have been applied.
- Apply typical PDF Security including Open Password, Owner Password, Prevent Printing, Prevent Copy, Prevent Document assembly, etc.
- Allow filters to be specified and only apply security when a condition is met, e.g. a Status field is set to Approved, or the user that is accessing the document is in a specific group.
- Apply security to files in Document Libraries as well as files attached to individual list items.
- Works on all MS SharePoint 2007 and later versions.
Automatically Securing documents using the MS SharePoint User Interface
Let’s work through an example to show how easy it is to set this up.
- By default the Secure / Watermark on open facility is disabled so use SharePoint Central Administration to enable the Muhimbi PDF Converter - Automatic Document Processor Feature at the relevant Web Application.
Note: This is a Web Application Scoped Feature, not a Farm or Site Collection scoped one. You also need to enable the Muhimbi PDF Converter - Automatic Document Processing User Interface Feature at either the Web Application level (to enable the screen on all Site Collections) or at the individual Site Collection level.
Once enabled, a new menu named Security settings can be found in the Site Actions / Site Settings screen as well as the List Settings screen on each individual List and Document Library. Default security settings can optionally be specified at the Site Collection level, which can then be inherited at the individual List or Library Level, which is displayed in the following screen.
There are also options to enable security during Insert and Update events. However, the focus of this example is to Secure On Open. In this screenshot we have specified both an Open and an Owner Password. The Owner Password must be set when any of the PDF Security Options are selected, the Open Password is optional.
You can also specify a filter to only secure documents when the person opening the file is in a specific SharePoint group.
Note: You can only use MS SharePoint group names and not Windows group names.
When a PDF or MS Office file is opened from the Document Library, and the user opening it is a member of the specific group in the filter, then security will be applied automatically to the file without modifying the original in the List or Document Library.
Please note that securing files this way is a real-time action and adds some overhead. If there is no need to apply security in combination with user specific watermarks, or based on a user specific filter, then we recommend applying security using MS SharePoint Designer Workflow or Nintex Workflow the moment a file is created or modified.
Securing Different File Formats
PDF Converter allows various file formats to be secured, each file type has its own strengths and weaknesses. For example, the PDF standard allows a range of individual restrictions to be applied to a PDF File, whereas MS Office documents have a much simpler security model.
All supported files formats have the following in common:
- Open Password: By specifying an optional open password, users need to provide the password in order to see the contents of the document. Once opened, the file can be edited unless an owner password is specified as well.
- Owner Password: When the optional owner password is specified, users can open the file without needing to know the password, but they cannot make changes to the document unless they have access to the owner password.
Note: In order to apply restrictions to PDF files (disable print etc), an owner password must be specified and that owner password must be different from the open password. The main differences between the various file types, in the context of applying security, can be found below:
- PDF: The PDF standard supports additional security features such as restrict printing, restrict content copying, etc. These restrictions are not supported by the various MS Office file formats.
Note: In order to apply restrictions to PDF files, an owner password must be specified and that owner password must be different from the open password.
- MS Word: MS Word document format supports the standard open and owner passwords described above. If the source document is already encrypted by means of an open password, then it is not possible to change the open or owner password.
- MS Excel: MS Excel supports the standard open and owner passwords described above. If the source document is already encrypted by means of an open password then it is not possible to change the open or owner password.
- MS PowerPoint: MS PowerPoint supports the standard open and owner passwords described above. If the source document is already encrypted by means of an open password, then it is not possible to change the open or owner password. In addition, if the source presentation is already secured using an owner password (read-only) then it is not possible to add an open password or update the owner password.