Du viser støtteinnhold for versjon:

AEM Forms document security allows you to create, store, and apply predefined security settings to your documents. It ensures that only authorized users can use the documents. You can protect documents by using policies. A policy is a collection of information that includes security settings and a list of authorized users. You can apply a policy to one or more documents and authorizes users who are added in AEM Forms JEE user management.

For more information about how document security works, see AEM Forms JEE administration help.

User data and data stores

Document security stores policies and data related to protected documents including user data in a database, such as My Sql, Oracle, MS SQL Server, and IBM DB2. In addition, the data for authorized users in a policy in store in user management. For information about data stored in user management, see Forms User Management | Handling user data.

The following table maps how document security organizes data in database tables.

Database table Description
EdcPrincipalKeyEntity Stores information about principal keys for the users. The keys are used in offline document security workflows.
EdcAuditEntity Stores information about auditing event like user events, document events, and policy events.


Stores record of a protected document. It stores license details for every protected document.


Stores document name for every license created in the system.


Stores information about revocation and reinstatement of protected documents.
EdcMyPolicyListEntity Stores information about users who can create personal policies that appear under the My Policies tab on the Policies page. 
EdcPolicyEntity Stores information about policies. Each policy corresponds to a row in this table.
EdcPolicyXmlEntity Stores XML files for active policies. A policy XML contains references to principal IDs of users associated with the policy. Policy XML is stored as a Blob object.
EdcPolicyArchiveEntity Stores information about archived policies. An archived policy contains its policy XML stored as a Blob object.


(Oracle and MS SQL databases)

Stores the mapping between policy set and users.
EdcInvitedUserEntity Stores information about invited User.

Access and delete user data

You can access and export document security data for users in the databases, and if required, delete it permanently.

To export or delete user data from a database, you need to connect to the database using a database client and find out the principal ID based on some personally identifiable information of the user. For example, to retrieve the principal ID of a user using a login ID, run the following select command on the database.

In the select command, replace the <user_login_id> with the login ID of the user whose principal ID you want to retrieve from the EdcPrincipalUserEntity database table.

select refprincipalid from EdcPrincipalUserEntity where uidstring = <user_login_id>

Once you know the principal ID, you can export or delete the user data.

Export user data

Run the following database commands to export user data for a principal ID from database tables. In the select command, replace <principal_id> with the principal ID of the user whose data you want to export.


The following commands use database table names in My SQL and IBM DB2 databases. When running these commands on Oracle and MS SQL databases, replace EdcPolicySetPrincipalEntity with EdcPolicySetPrincipalEnt in the commands.

Select * from EdcPrincipalKeyEntity where principalid = '<principal_id>';

Select * from EdcLicenseEntity where publisherId = '<principal_id>';

Select * from EdcDocumentEntity where id in (Select documentid from EdcLicenseEntity where publisherId = '<principal_id>');

Select * from EdcRevokationEntity where licenseid in (Select id from EdcLicenseEntity where publisherId = '<principal_id>');

Select * from EdcMyPolicyListEntity where principalId = '<principal_id>';

Select * from edcpolicyentity where policyownerId = '<principal_id>';

Select * from edcpolicyxmlentity where policyidref in (Select id from edcpolicyentity where policyownerId = '<principal_id>');

Select * from edcpolicyarchiveentity where policyownerId = '<principal_id>';

Select * from edcpolicysetprincipalentity where principalId = '<principal_id>';

Select * from edcinviteduserentity where principalId = '<principal_id>';


To export data from the EdcAuditEntity table, use the EventManager.exportEvents API that takes EventSearchFilter as a parameter to export audit data based on principalId, policyId, or licenseId.

To get complete data about a user in the system, you must access and export data from user management database. For more information, see Forms user management | Handling user data.

Delete user data

Do the following to delete document security data for a principal ID from database tables.

  1. Shut down the AEM Forms server.

  2. Run the following database commands to delete data for the principal ID from database tables for document security.  In the Delete command, replace <principal_id> with the principal ID of the user whose data you want to delete.

    Delete from EdcPrincipalKeyEntity where principalid = '<principal_id>';
    Delete from EdcMyPolicyListEntity where principalId = '<principal_id>';
    Delete from edcpolicyarchiveentity where policyownerId = '<principal_id>';
    Delete from edcpolicysetprincipalentity where principalId = '<principal_id>';
    Delete from edcinviteduserentity where principalId = '<principal_id>';


    To delete data from the EdcAuditEntity table, use the EventManager.deleteEvents API that takes EventSearchFilter as a parameter to delete audit data based on principalId, policyId, or licenseId.

  3. Active and archived policy XML files are stored in the EdcPolicyXmlEntity and EdcPolicyArchiveEntity database tables, respectively. To delete data for a user from these tables, do the following:

    1. Open the XML blob of each row in the EdcPolicyXMLEntity or EdcPolicyArchiveEntity table and extract the XML file. The XML file is similar to the one shown below. 
    2. Edit the XML file to remove the blob for the principal ID.
    3. Repeat steps 1 and 2 for the other file.


    You must remove the complete blob within the Principal tag for a principal ID or the policy XML may get corrupt or unusable.

    <ns2:Principal PrincipalNameType="USER">
        <ns2:Property PropertyName="isCertified">
            <ns2:PropertyValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">false</ns2:PropertyValue>
        <ns2:Property PropertyName="encryptionAlgorithm">
            <ns2:PropertyValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">AES128</ns2:PropertyValue>
        <ns2:Property PropertyName="AccessDeniedErrorMessage">
            <ns2:PropertyValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string"></ns2:PropertyValue>
    <ns2:Permission PermissionName="ns3:com.adobe.aps.onlineOpen" Access="ALLOW"/>
    <ns2:Permission PermissionName="ns3:com.adobe.aps.pdf.copy" Access="ALLOW"/>
    <ns2:Permission PermissionName="ns3:com.adobe.aps.offlineOpen" Access="ALLOW"/>
    <ns2:Permission PermissionName="ns3:com.adobe.aps.pdf.accessible" Access="ALLOW"/>
    <ns2:Permission PermissionName="ns3:com.adobe.aps.pdf.editNotes" Access="ALLOW"/>
    <ns2:Permission PermissionName="ns3:com.adobe.aps.pdf.edit" Access="ALLOW"/>
    <ns2:Permission PermissionName="ns3:com.adobe.aps.pdf.fillAndSign" Access="ALLOW"/>
    <ns2:Permission PermissionName="ns3:com.adobe.aps.pdf.printHigh" Access="ALLOW"/>
    <ns2:Permission PermissionName="ns3:com.adobe.aps.pdf.printLow" Access="ALLOW"/>

    In addition to deleting data directly from the EdcPolicyXmlEntity table, there are two more ways you can achieve this:

    Using administration console

    1. As an administrator, log into the Forms JEE administration console at http://[server]:[port]/adminui.
    2. Navigate to Services > Document Security > Policy Sets.
    3. Open a policy set and delete the user from the policy.

    Using document security web page

    Document security users who have permissions to create personal policies can delete user data from their policies. To do so: 

    1. Users who have personal policies log into their document security web page at http://[server]:[port]/edc.
    2. Navigate to Services > Document Security > My Policies.
    3. Open a policy and delete the user from the policy.

    Note: Administrators can search, access, and delete user data from personal policies of other users in Services > Document Security > My Policies using administration console.  

  4. Delete the data for the principal ID from user management database. For detailed steps, see Forms User Management | Handling user data.

  5. Start the AEM Forms server.

Dette produktet er lisensiert i henhold til Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Innlegg på Twitter™ og Facebook dekkes ikke av Creative Commons-vilkår.

Juridiske merknader   |   Regler for personvern på nettet