revoke expire delete document access

Revoke PDF Documents

Revoking Document Access, document expiry and remote file deletion

Protect IP

Protect documents no matter where they reside:

Stop unauthorized access
Stop sharing and distribution
Strong US Gov strength encryption, DRM and licensing controls

Restrict Use

Set Expiry

Revoke Access

Watermark

Log Use

Comply Law

Benefits

Revoking Document Access

There will be many occasions when you need to revoke documents you have published:

the information contained in the documents is no longer valid because it is out of date or wrong
you feel your documents are being misused
the wrong document was distributed to people in the first place

This guide examines some of the options you can use to revoke document access (revoke authorization or access to a PDF file) and explains how you can use Safeguard PDF Security to achieve this.

The PDF DRM and licensing controls in Safeguard PDF Security give you a number of ways of stopping documents from being used once they have been issued.

Using Document Expiry to revoke access to PDF files

You can set documents to expire in specific circumstances. This is done when a document is protected and is bound to the document at that time (although can be changed at a later date from the administration system):

On a set date
After a number of days from first use
After a number of views
After a number of prints

For company documents it is normal to have set an expiry end date, which is when they would normally be superseded. The other expiry methods are more likely used to control documents used in training courses, and documents for evaluation.

It is possible to set a document expiry end date of ‘never’ so the document never expires, but if you do the end date cannot be changed. You can however change document expiry settings at a later stage on the administration system if you set a fixed date or a number of days/views/prints. This enables you to either extend or reduce document use, or instantly revoke access.

Apart from on a set date, the other methods require an online license check before the user can open the document. As soon as the number is met access stops, although it is possible to change the number in the administration system for individual users after the document has been assigned and that will take effect next time the user opens the document. You can therefore publish a document with a say a fixed expiry date for all users, but extend the access period for specific users if you so wish.

Document expiry happens automatically when the expiry criteria is met. This is therefore an easy and automatic way of revoking document access without any administration intervention.

Suspending or deleting a document to revoke document access for all users

If you want to revoke document access straight away to all users then you can suspend or delete a document. Access will be revoked when the user next tries to open the document if the document is set to check against the licensing server (online use). If you have allowed the document to be used permanently offline (without ever checking with the server) then you cannot revoke access by suspending or deleting a document because there is nothing in place to enforce the document to connect to the licensing server to pick up the new controls.

With Safeguard Web Viewer you can always revoke document access straight away as documents are always viewed online.

If you use publications to manage your protected documents, then you can remove publication access from specific users or change the publication access period so that revocation or expiry takes place for a group of documents. The same online/offline rules apply as to individual document revocation and expiry.

Revoking document access to all documents on a per user basis

This approach stops a user from accessing any documents, but it only happens if there is a mandatory license check on the document being opened. If you have set the license check to ‘never’ then revocation cannot be implemented. One advantage of this approach is that you can reinstate the user rather than having to delete them and then add them again.

At the user account level you can revoke access to all license check documents by:

Suspending the user account
Setting the user account to expire after a certain date

You can change the fixed expiry date also, but again there must be a license check before the change is implemented. If you do that, then you can keep altering the end date to suit changing requirements, and apply different end dates to the same file for different users. But you must remember that it will be up to you to reconcile end dates manually since there is no provision in the administration system for showing different end dates by user.

Remote file deletion

Another approach used by some document DRM systems to preventing continuing access to documents is the ability to remotely delete the document on the user’s computer – see remote file deletion. Sometimes this includes the concept of being able to ‘delete’ a file ‘beyond recovery.’ Commonly this is claimed to be achieved by multiple overwrites of the file in its location.

Safeguard PDF Security does not support this feature as it is more of a marketing ploy than a security feature.

Now don’t take our word if this technique works or not – go and reference the work of Peter Gutmann, the noted computer scientist in New Zealand. He points out that that, “the 35 pass overwrite technique …. a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques.”

Now that is talking about a system for trying to prevent any possible kind of recovery of a file stored on a hard drive. Never mind about hosting files on remote servers or using RAID architectures or having system backups.

Everything sounds fine if everyone is playing by the rules. But dishonest people have already established that they are not playing by your rules, and their rules are different. It is trivial to set a file to ‘read only’ so an ordinary application cannot write to it no matter what it wants. Now of course there are ways of getting round that, but they need code that gets around the operating system of the computer, and that is most definitely a ‘bad’ idea. That is what hackers and viruses set out to do, and if anything goes wrong you generally don’t have any files to come home to.

Be aware that the UK agency CESG notes that if you want to be sure files cannot be recovered you need to physically destroy the disk drive. Like burning it. (Now I’m not saying everyone wants to go to that level of certainty, but you get the idea of what the agencies mean by data destruction.)

But to bypass the control, all the user has to do is make a copy of the file before using it, so they lose nothing except time if one gets deleted. So you see that the idea of sudden deletion is interesting, but is less effective than expiring or revoking a file so that it can no longer be used.

How to expire documents using Safeguard PDF Security

Document expiry options in Safeguard Writer

You can set PDF documents to expire automatically when protecting them using Safeguard Writer. You can change the document expiry settings for all or individual users at a later stage using the Safeguard administration system.

1. Go to the Expiry & Validity Tab and from the ‘Document Expires’ section select either an expiry date or a number of days from first use. If you select an expiry date then the document will expire on that date. If you select a number of days from first use (say 30), then the document will expire 30 days from when it is first opened. The document will expire at different dates for different users depending on when they first opened the document.

2. If you want to expire documents after a number of prints or views then this can be achieved from the ‘Printing & Viewing’ tab.

To expire documents after a number of prints, select the number of copies you want to allow and check the ‘No access after print copies depleted’ checkbox. Once the number of prints have been reached the document will automatically expire and can no longer be used.

To expire documents after a number of views, check the box ‘Limit number of views’ and enter a number in the scroller field. Once the number of views has been reached the document expires.

Changing document expiry in the Safeguard Admin System

Once a protected document has been published you can change the expiry date from the Safeguard Admin System. You can do this for the document (so the new expiry date affects all users) or for individual users.

To change the document expiry date for a specific document, go to the Documents Tab and select the document you want to edit. Click on the Details button and enter the new document expiry date in the ‘Expires’ field.

To change the document expiry date for a specific user, go to the Documents Tab and select the document you want to edit. Click on the Details button and then the ‘Grant or Revoke Access’ link. Select the user you want to change the expiry date for and then from the ‘Grant Limited Access’ pull-down field enter a new document expiry date.

You can also change the start date of a document here. Changing the start date of a document to a future date stops access to the document until that date is reached. This is therefore another method of temporarily revoking document access for individual users, or ensuring that documents are not used before a certain date.

How to revoke document access on a user basis using Safeguard PDF Security

Revoke document access for a single user

To revoke access for a single user is very easy and you can do this for single or multiple documents.

1. Log in to the Safeguard administration system and go to the Customer Accounts tab. Here you can search for the individual customer record you want to alter.

2. Click on the Details tab to show you information about the selected customer record.

3. Go to the section titled ‘Manage Access’. This is where you grant access to documents, or revoke access. If you click on the option ‘Set document access’ it will bring up a tab showing all the documents that this user has access to.

If you find they have access to a lot of documents you can use the filter to narrow the search down to the document that you want.

4. Select the document(s) by clicking on the selection box and go to the ‘With all checked’ pull-down field. Here you can select from the options:

Grant access
Grant unlimited access
Grant limited access
Revoke access

5. Select ‘Revoke access’ and then press the OK button. Assuming that you set the original document to check its license, the next time license check happens, access is revoked.

A more granular result can be achieved using the ‘Grant limited access’ option.

Here you are able to set start and end dates for access that override the values set when the document was originally protected. So provided there is a license check for the document this control will override the original setting. So you could set the ‘Until’ date to yesterday and access would stop. And you can go back later and change these dates and have the new ones override the old ones.

Revoke document access for multiple users

You can revoke access for multiple users to multiple documents in one go.

Select the documents tab and find the document you want to revoke.
Then in ‘Manage access’ you can select all the customers who have been granted access to the document via the ‘View customers with access’ link.
You can use the Filter to reduce the number of customers selected. You can check the records that you want to revoke or use the option to check all of them, and then you have the same options as before, applied to a larger number of users instead of just one.

Customer Testimonials

We needed to deliver e-book versions of our handbooks while not compromising on security and digital rights. Safeguard PDF security is easy to use and intuitive.

The implementation was painless and we now have a greener, more secure way of distributing training manuals.
Locklizard’s PDF protection is exactly as described – the features are highly effective and I would give it 5 stars.

I would recommend Locklizard to others - their security is simple to use and fit for purpose. It meets common needs of businesses who have information they want to protect.
We would be happy to recommend Locklizard to any company needing a flexible way to secure PDF files.

Safeguard PDF Security has provided us with a very workable solution for sharing of information in a secure fashion. The support has been excellent and very accommodating.
We can cut accounts for a user five minutes before his class starts and he is ready to go. Happy smiling customer, while we still have security and personalized watermarking.

I have immense respect for the product and Locklizard provide great customer satisfaction and service.
We would recommend Safeguard to other companies for its security, cost and ease of use. It does what we expected it to do and more.

Ease of use is a bonus and the implementation was very easy. The product manual is excellent and Locklizard staff are very accommodating.
We sell a highly valued educational product in an open and competitive market so it was important to ensure we had effective security to protect our digital rights.

We highly recommend Locklizard - a professional company with a competitive and professional PDF Security product.
We would absolutely recommend both Locklizard as a company, and Safeguard PDF Security. It has transformed our study materials to the next level.

Not only did this increase sales, but we also believe that it has increased our customers’ ability to learn, which is even more important!
We would recommend Locklizard Safeguard to other companies that need to protect PDF reports. Customers have found the process of accessing the protected documents to be seamless.

Implementation was easy and technical support has been very responsive to requests for help.
Our company would without reservation recommend Locklizard. Their document DRM software opens up delivery of our new products in a timely fashion while knowing that the content will remain secure.

The return on investment to our company has been immediately evident.
We use Safeguard to make sure that documents cannot be opened outside our local network or from a unauthorized computer in order to copy or print the documents.

It is the most feature rich, affordable, & simple to use PDF security product on the market.
Safeguard PDF Security is simple to administer and meets our needs, consistently delivering secured manuals to our customers with ease.

Return on investment has been elimination of many man hours, printing resources and postage – it is estimated that costs decreased by 50% or more.
We would really recommend Safeguard PDF Security to every publishing company for managing ePubs or e-books securely. It is easy to secure PDF files and simple to distribute them to our authorized customers only.

Locklizard also provides a good customer support experience.
The ROI for us is incalculable. We have the security of knowing that our proprietary documents are secure. This is the entire value of our company.

I would most certainly recommend your PDF security product and already have. The ease of implementation was surprising.
We can now sell our manuals without the need to print them first, saving time, money and helping safeguard the environment.

We would recommend Safeguard PDF DRM – it is the perfect solution to sell and send e-documents securely whilst making sure someone cannot copy them.
We would recommend Locklizard to other companies without hesitation.

Their PDF DRM products provide a manageable, cost effective way to protect intellectual investment and they are always looking for ways to improve them. Moreover, their staff provide an excellent level of support.