If you already added Community Commons to your project you can create a java action (securePDF) with a filedocument as parameter. This will modify the filedocument.
The implementation is from the pdfbox documentation. Please note the hardcoded password. Consider this as a starting point. You could add the canEdit, canPrint etc as parameters.
// BEGIN USER CODE
IContext context = getContext();
ILogNode logger = Core.getLogger("SecurePDF");
logger.trace("Retrieve generated document");
PDDocument inputDoc = PDDocument.load(Core.getFileDocumentContent(context, filedocument.getMendixObject()));
// Define the length of the encryption key.
// Possible values are 40 or 128 (256 will be available in PDFBox 2.0).
int keyLength = 128;
AccessPermission ap = new AccessPermission();
// Disable printing, everything else is allowed
ap.setCanPrint(false);
ap.setCanAssembleDocument(false);
ap.setCanExtractContent(false);
ap.setCanExtractForAccessibility(false);
ap.setCanModify(false);
// Owner password (to open the file with all permissions) is "12345"
// User password (to open the file but with restricted permissions, is empty here)
StandardProtectionPolicy spp = new StandardProtectionPolicy("12345", "", ap);
spp.setEncryptionKeyLength(keyLength);
spp.setPermissions(ap);
inputDoc.protect(spp);
ByteArrayOutputStream output = new ByteArrayOutputStream();
inputDoc.save(output);
InputStream newContent = new ByteArrayInputStream(output.toByteArray());
logger.trace("Store result in original document");
Core.storeFileDocumentContent(context, filedocument.getMendixObject(), newContent);
logger.trace("Close PDFs");
inputDoc.close();
logger.trace("Secure PDF done");
return true;
// END USER CODE
Mendix can't do this natively. You can use the PDFBox Library (already part of the CommunityCommons module). See e.g. this StackOverflow thread or this tutorial.