Skip to main content
Insert Banner Message here.



Welcome to Community

Standardize handling of protected PDFs




  • Official comment
    Florian Letourneux

    Hi Kevin,

    Thanks for logging this enhancement.

    Another solution could be to have the ability in Vault to add password protections to viewable renditions. Would that solve your issue?

    Are you using permissions and/or doc open password security?

    We will keep your request under consideration for future releases.



  • Kevin O'Brien

    Hi Florian,

    Thanks for considering this request. Perhaps I'm not understanding the implication of your question about "having the ability in Vault to add password protections to viewable renditions," but let's table that for a second. Let's make sure we're aligned on the simplicity of my request. Here's a silly analogy that may help.

    If I go to the airport with a carry-on bag (a PDF on my local computer), that bag contains a padlock on the zipper (the password protection on the PDF), and I have TSA Pre-Check clearance, I am presented with two security lines. One is the Pre-Check line (upload my PDF as a source file) and one is not (upload my PDF as a viewable rendition). My goal is to get through security (the upload process) and have my carry-on with me on the other side with that padlock locked (my protected PDF as a viewable rendition). So I want to get from a common Point A to a common Point B via two similar but different paths.

    Let's say I go through the Pre-Check line (upload PDF as a source file). The TSA agent (Vault) X-Rays my bag (my PDF) and sees no issue with the padlock (the PDF password). I walk off with my bag with the zipper locked (the PDF has made it to the viewable rendition slot... acknowledging that it first was made the source file and Vault did its magic to also make it the viewable rendition).

    But what if I go through regular security (upload my PDF as the viewable rendition of an existing document)? The TSA agent (Vault) X-Rays my bag (my PDF) but decides that the padlock (my PDF password) isn't allowed. They refuse to let me take it through as-is. This is the exact same bag and padlock from the Pre-Check line. This TSA agent is enforcing different rules. So my options are: 1) take off the padlock (password) and move on, or 2) claim that the padlock (PDF) is critical and leave both the bag and padlock behind.

    Vault today is enforcing two sets of rules. In my opinion, I just want to get to the same common Point B. Perhaps you're alluding to bigger-picture changes that could impact both paths, and I'm OK with that. But ultimately I'd want to see consistency in the rules rather than an upload-viewable-rendition-specific new rule. My request is to have the same rules for both upload paths.

    Does that help clarify things?

    And for the record, here are the PDF security settings on the file we used for testing:

    Security Method: Password Security
    Document Open Password: No
    Permissions Password: Yes
    Printing: High Resolution
    Changing the Document: Not Allowed
    Commenting: Not Allowed
    Form Field Fill-in or Signing: Allowed
    Document Assembly: Not Allowed
    Content Copying: Allowed
    Content Accessibility Enabled: Allowed
    Page Extraction: Not Allowed
    Encryption Level: 128-bit AES

    Let me know if you'd like to discuss this further on a call.


  • Florian Letourneux

    Hi Kevin,

    Sorry for the delay and thanks for your clarifications.

    I wanted to understand your use case and specifically why you need to import a manual renditions (protected in this case). That's why I asked if the ability in Vault to add password protections to viewable renditions would address your needs. Let me know if that feature would be useful for you.

    Thanks for illustrating your point. The reason that Vault today is enforcing "two sets of rules" is that manually-uploaded renditions are not processed/altered in Vault, only displayed, while Vault-generated renditions are created and processed in the renditions servers incl. file security (the source file is not altered). The same approach applies to OCR. Only PDF scan files uploaded as source file get OCRed, not manually uploaded PDF scan files.

    Please let me know if that helps clarify Vault behavior and if you want to discuss this further on a call.

    Best regards,



Please sign in to leave a comment.

Powered by Zendesk