How policies work

Policies contain information about the authorized users and the confidentiality settings to apply to intellectual property. Document Security recognizes users included in a linked LDAP or Active Directory list. Users can also be people who were invited to register with Document Security or for whom the administrator created an account.

The confidentiality settings in a policy determine how the recipients can use files that are protected by the policy. For example, policies specify whether recipients can print files, copy content to other files, or save changes to protected files. Policies can also specify different confidentiality settings for various users.

When you apply a policy to a file, the information that the file contains is protected by the confidentiality settings that are specified in the policy. When you distribute the file, Document Security authenticates the recipients who attempt to open the file and authorizes access according to the privileges specified in the policy.

After a policy is applied to a file, the confidentiality settings of the policy can be changed at any time. You can add or remove authorized users or change the privileges for users after they received the file. The policy applied to the file can be changed. And, access to the file can be revoked so that anyone with a copy of the file can no longer open it.

If the policy permits offline access, recipients can also use policy-protected files offline (without an active Internet or network connection) for the time period specified in the policy.

How policy-protected files work

For a user to open and use policy-protected Word, Excel, and PowerPoint files, the policy must include the user as a recipient. Or, it must allow anonymous access. And, the user must have the Document Security Extension for Microsoft® Office installed. To give a policy-protected file to someone who does not have Document Security Extension for Microsoft® Office, you can give them a copy of the software. Or, you can tell them how to download it from your website. If you do not have the installer, you can download it from the download page.

When a user attempts to open a policy-protected file, the Document Security Extension for Microsoft® Office connects to Document Security to authenticate the user. If Document Security is configured to audit file usage, the user sees a notification indicating that the file usage is being audited. Document Security determines which file permissions to grant the user and the user can then use the file according to the policy settings, under these conditions:

  • For the validity period that is specified in the policy.

  • Until an administrator or the person who applied the policy either revokes the access to the file or changes the policy.

    If the person who applied the policy changes the policy or revokes access to the file, the user’s permissions for the file are changed or removed even though the user already has the file. If the file itself was revoked, a URL may be provided to the user to get an updated copy.

    If the policy allows offline access, users can open policy-protected files without an Internet or network connection during the specified offline lease period. When the offline lease period ends, the user must go online and synchronize with Document Security, which starts a new lease period.

    If the policy allows offline access, users can open policy-protected files without an Internet or network connection during the specified offline lease period. Events, such as attempts to open the new file, are also audited and recorded the same as for the original file.

Using Document Security to protect your files

You can use policies to protect your files in various situations.

For example, a manufacturer is accepting bids from vendors who provide parts for a new product. The manufacturer must provide the bidders with proprietary information to finalize their submissions. The manufacturer uses Document Security to protect the files with a policy that allows the bidders to open the files and view the information. However, bidders are prevented from changing, printing, or copying the files and anyone who does not have permission is prevented from opening the files.

After accepting a bid, the manufacturer updates the policy to grant the successful bidder permissions to print, copy, and save changes locally. The manufacturer also removes the unsuccessful bidders, revoking their permission to open the files.

While working with the successful bidder, the manufacturer’s engineers change some of the design specifications in the files. To publish the new specifications, the manufacturer revokes access to some of the files and publishes new versions. When engineers for the successful bidder attempt to open the file, they see a message that access to the file was revoked. The message contains a URL where they can download a new version of the file.

Additional Information

The resources in this table can help you learn more about AEM Document Security:

For information aboutSee
AEM forms Administrator HelpAdministrator Help or, on the Document Security administration pages, click the Help link in the upper-right corner of a page.
Patch updates, technical notes, and additional information about this product versionExperience Cloud Technical Support

Espressos & Experience Manager: AEM Forms

Espressos & Experience Manager

Thursday, Mar 6, 7:00 PM UTC

Join Adobe's AEM product team as they highlight AEM Forms' latest innovations, including: the new Gen AI Assistant, Unified Composition with AEM Sites, and new ways to deploy forms through conversations.

Register

The Perfect Blend: A New Era of Collaboration with AEM and Workfront

Adobe Customer Success Webinars

Wednesday, Apr 2, 5:00 PM UTC

Explore how Adobe Experience Manager and Workfront integrate to help teams move from ideation to delivery without the usual bottlenecks, ensuring content is organized, on-brand, and ready to go live faster.

Register

Connect with Experience League at Summit!

Get front-row access to top sessions, hands-on activities, and networking—wherever you are!

Learn more