If FileMaker generated the PDF in the first place, it can specify a password required to open that PDF.
This does not appear to be the case here.
What you can do is use record level access control to control access to the record of the container field storing the PDF. Then, the database file must be open with a password that allows access to the record before a user can access the PDF in the file. If the PDF is inserted with the "store a reference" option, however, the user can still access the PDF through their operating system, bypassing FileMaker altogether.
In FM 12, you can specify external, secure storage for a given container and then it can be stored external to FileMaker, but access from the user can be prevented as the paths and files are encrypted.
Thanks, reflecting back to see if I have understood this:
1. An FM generated pdf can have a pw required for opening.
Q: What app does the pdf open in? Once open what would stop someone Save As to another file that could be disseminated and opened anywhere? And does FM have 2 levels of pw like Acrobat? ie. a) pw to open; b) pw that specifies permissions, such print or not, comments or not etc.
2. As in this case the pdf was created outside FM.
Q: Are you saying that the pdf can be securely stored in a container, external to the FM solution? If I want to sell this solution as a download from a website, how will the download work if the pdf is external to FM and how will access to the pdf be controlled from the FM solution?
1: the app is opened with whatever PDF reader is installed on that computer.
This would be a PDF password, not a FileMaker password and won't work for what you want here anyway.
2: You would not be able to use the external option for stand alone files downloaded from a website. I don't know that there is a way to allow the user to open the PDF in a PDF reader from the database and not allow them to save copies, but if you use large scale container fields optimized for interactive content, the users can view and flip through the pages of the entire PDF document without opening it in a PDF Reader utility. You can set up a "reader" layout and the user just interact with the PDF right in the container field. And then you can set up access permissions so that users can view and interact with the PDF, but not be able to export data from the database.