File Protection

in Genius Bar edited January 2014
I have some very valuable customade image profiles (ICC Profile) installed on several work stations. Theses are operated by various technicians who need access to the profiles while working for me.

Is there a way for me to prevent my technicians from stealing the profiles? The profiles need to be copied to different media as part of the job.

Alternatively, is there a software that will log the activity of specific files and if so, one that also let's me easily get the information regarding the profiles. (I have around 30 Macs, so a long real-time flash movie of all activity is no good to me.

Thanks in advance for your advise.


  • Reply 1 of 6
    MarvinMarvin Posts: 14,582moderator
    You could try giving the profiles permissions so that only the system has read access. The user shouldn't need direct access of any kind. Then give them non-admin accounts.

    So you would move the profile into place, then set the permissions to system (read/write), wheel (read only) and everyone (no access). That may prevent them using the profile but you can try it anyway. With a non-admin account, they can't move or copy it.
  • Reply 2 of 6
    No, you can't have people use the color profiles, but not be able to copy them. The applications they use (and run as the user they are logged in as) need read access, so the users have to have read access. And if you can read them, you can copy them. Plus if they already need to copy them, then there is no way they can't get access to them.

    I really can't imagine that ICC profiles could be that valuable. Certainly they are valuable in the sense that that is how you make sure to match up with the printers, but I can't imagine a circumstance where someone could sell the profiles in any way to harm a business.

    Oh... and you are looking for a technical problem for a people problem. This is not an IT problem, it is a management problem.
  • Reply 3 of 6
    kmac1036kmac1036 Posts: 281member
    I agree in part, disagree in part with Karl...

    I worked for a printing company, they do fulfilment for magazine, etc.

    the way the shop was laid out, files stored, transfered, even the organization of the stock was all considered to be a "trade secret." So, the ICC files would fall under that, trade secrets for that shop.

    now, what could you do with an ICC profile? well, disgruntled employees could delete them, change them, etc. but unless they were setting up a shop with the exact same equipment, software, etc, then there would be no use for them.

    & your company would have a strong foundation for a lawsuit, to say the least.

    your biggest threat & competition in the end is your own employees.
  • Reply 4 of 6
    Thanks for the input. I guess I better explain the issue more in depth.

    We are a digital capture outfit, which means we provide photographers with digital equipment. We use PhaseOne Capture One software to capture the images and treat the RAW files before converting them to TIFF. For the individual photographers we create up to 25 different ICC profiles to suit their preferred style. The process of creating these files is long and has to be done for each photographer. Also, they are specifically created for the photographer and is as such a trade srecret for them and me.

    The vulnerability is my freelance staff, who has access to these ICC profiles when on shoots with the photographer.

    What I think would be ideal is a log of all activity on the workstation, where I could then run a search for the activity for the ICC profiles. If I find that they have been copied onto any medium, I could take action.

    Any ideas if this is possible?

  • Reply 5 of 6
    I still don't get why you need to protect these files. How is it bad if a freelancer gets ahold of the ICC profile for the camera? The reason they are valuable is because they match that specific camera in the way that the photographer wants. Away from that specific piece of hardware it is relatively worthless.

    So what exactly are you afraid the the freelancer is going to do with the ICC profile? Unless they steal the camera along with the profile it is worthless.
  • Reply 6 of 6
    kmac1036kmac1036 Posts: 281member
    Ok, ksibast believes he needs to protect the files, let's not argue that point...

    example - radio stations, for example, guard their compression equipment - the brand, model, & most importantly, the settings. Only the manager has the key to the closet on that one.

    back to the point - the additional details helps a bit. really, all you can do is put the files in a folder that is set to the acct permissions - the photog ONLY has access to that folder & doesn't let the others use his acct. lock the machine down. if the assistants need to transfer anything, give them their own acct, set up the drop box to the photogs acct.

    or store them in an encrypted dmg disk image file. load them everytime you want to run the apps.

    as far as logs, you should be able to setup logging on the folder or can go back & look at the OS X log files (think those track file access already, quite a bit of data there!) but if the photog or admin are the only ones with access... so it's any guess who it was that did it! setting the isight camera to snap a picture?

    only send trustworthy staff if you are that paranoid. not sure how else to handle this. it's called POST processing, so only the photog should be doing that anyway.

    My opinion - if I'm some crackhead out to score, or thief of opportunity, I'm grabbing the Nikon D3 / pro grade glass / MacBook Pro to cash it out - in a hurry! hocking a specialty item such ICC profile = too easy to track & get caught. but that's my 2 cents.

    bottom line - don't even allow access to get to the files by the freelancers. lock the machine down, encrypt the files. photog needs to do is own post.
Sign In or Register to comment.