by PT 8.61
Randall Groncki
Introduction
PeopleSoft safeguards the data within the online application by requiring the user to provide valid login in formation and then enforcing row level security. That user can only see pages they have been granted access and then see the data according to their security profile.
But what about PeopleSoft generated reports?
Yes, the user creating the report has access to the report and the data within the report, but anyone with access to the report after creation can see that same data. A report can be emailed, printed, and copied to those who don’t have the correct access. Once that report left PeopleSoft, its security is dependent on good user discipline.
Using PeopleTools, we can add additional security features to BI Publisher generated PDF reports to help safeguard your company’s data.
As a note, the security options discussed here are for BI Publisher generated PDF reports. These security options do not apply to other output formats such as Excel or HTML.
PeopleBooks PDF Security Options detail (8.61)
Security Options with BI Publisher PDF Docs
Please refer to BI Publisher PeopleBooks for more in-depth details on each of these properties (Reporting and Analysis Tools > BI Publisher for PeopleSoft > Setting Up BI Publisher > Setting Up BI Publisher > Defining Global Properties > Generating Secure PDF Output)
Navigation to PDF Security Controls
Global Defaults: Home > Reporting Tools > BI Publisher > Setup > BI Global Properties
• Choose the “PDF Security” Property Group
• This sets the Security for all BI Publisher PDF Reports
Individual Report Defaults: Home > Reporting Tools > BI Publisher > Create BIP Report Definitions
• Choose your report
• Click on the “Properties” tab
• Choose the “PDF Security” Property Group
The following controls can be set on each report definition.
Enable PDF Security
Property: enable-pdf-security
This is the master switch for BI Publisher PDF security.
Set this to True to enable PDF Security features.
Password Protected Document
Property: pdf-open-password
This will most likely be the most popular security feature.
Set the password the user must enter before viewing the PDF Document. You can set a default common password here that every PDF version of this report will use. If the user doesn’t have the password, they can’t see the document.
PDF Permissions Password
Property: pdf-permissions-password
This sets the password allowing users to override the PDF Security settings. It’s a good idea to set a different document settings password from the access password.
This password is required to implement features such as disable copying and printing.
PDF Encryption Level
Property: pdf-encryption-level
Specify the encryption level for the output PDF file. The possible values are:
• 0: Low (40-bit RC4, Acrobat 3.0 or later)
• 1: Medium (128-bit RC4, Acrobat 5.0 or later)
• 2: High (128-bit AES, Acrobat 7.0 or later)
• 3: Highest (256-bit AES, Acrobat X (10) or later)
The default value is 2. However, not all additional PDF security measures are enabled if 0 or 1 is selected. See PeopleBooks for details.
Disable PDF Printing
Property: pdf-no-printing
This disables the user’s option to print the PDF to printer or other PDF Document, thus mitigating most security measures.
The default value is false
Disable Changing PDF Document
Property: pdf-no-changing-the-document
When true, the PDF cannot be edited.
Disable Context Copying, Extraction, and Accessibility
Property: pdf-no-cceda
When true, context copying, extraction, and accessibility features are disabled.
Disable Change Comments and Form Fields
Property: pdf-no-accff
Disable PDF Comments and editing of Form Fields.
Disable Copying PDF Data
Property: pdf-enable-copying
When set to True, copying of text, images, and other content is enabled
Disable Changes
Property: pdf-changes-allowed
This enables the user’s ability to change the document depending on the level selected.
• 0: No Changes
• 1: Allows inserting, deleting, and rotating pages
• 2: Allows filling in form fields and signing
• 3: Allows commenting, filling in form fields, and signing
• 4: Allows all changes except extracting pages
Disable PDF Printing
Property: pdf-printing-allowed
This sets the quality available to print the PDF document.
• 0: None
• 1: Low resolution (150 dpi)
• 2: High resolution
This property only works if the pdf-no-printing is set to false.
Setting the Security Options on a BI Publisher Report Definition
Navigate to the BI Publisher Report Definition and the Properties Page
Home > Reporting Tools > BI Publisher > Create BIP Report Definitions
• Choose your report
• Click on the “Properties” tab
• Choose the “PDF Security” Property Group
Set property pdf-security = True
Set property pdf-open-password to the document password
Set property pdf-permissions-password to an admin password for protecting the document options.
Set property pdf-encryption-level = “3” (the highest encryption level)
Save the document
Click on the “Template” tab and preview the document.
When the document pops up in a new browser tab, it prompts the user for the document’s password.
Type in the password entered on the properties page and the document content appears.
These security settings are in the document, not the presentation of the document. Whether you send the PDF to the Report Manager or pop it up into a new tab, the security will stay with that document.
If the user downloads or emails the PDF locally, the security will still be on the document.
Setting the Security Options at runtime with PeopleCode
We can use PeopleCode with the delivered ReportDefn class to set any of these properties at runtime. This provides the ability to dynamically set the properties such as setting a unique password to each user creating the report.
The PSXP_RPTDEFNMANAGER:ReportDefn.SetRuntimeProperties() method allows us to override any setting on the BI Publisher Report Definition tab with our values. It’s important to use this method so BI Publisher can override the current values just prior to report processing.
The SetRuntimeProperties method takes two Arrays of String as parameters:
• Array of String with Properties to override
• Array of String with Override values
Here is how that may look in the code.
import PSXP_RPTDEFNMANAGER:*;
instance PSXP_RPTDEFNMANAGER:ReportDefn &BI_Pub_Rpt;
Local array of string &AS_PropName = CreateArrayRept("", 0);
Local array of string &AS_PropValue = CreateArrayRept("", 0);
&BI_Pub_Rpt = create PSXP_RPTDEFNMANAGER:ReportDefn("X_PT3_PDFSEC");
&BI_Pub_Rpt.Get();
&AS_PropName.Push("pdf-security");
&AS_PropValue.Push("True");
&AS_PropName.Push("pdf-encryption-level");
&AS_PropValue.Push("3");
&AS_PropName.Push("pdf-permissions-password");
&AS_PropValue.Push("test");
&AS_PropName.Push("pdf-open-password");
&AS_PropValue.Push("PT3");
&BI_Pub_Rpt.SetRuntimeProperties(&AS_PropName, &AS_PropValue);
&BI_Pub_Rpt.SetRuntimeDataXMLFile(&Str_FQ_Filename_Path);
&BI_Pub_Rpt.ProcessReport("X_PT3_PDFSEC_1", "", %Date, "");
CommitWork();
&BI_Pub_Rpt.DisplayOutput();
