NotAllowedError

//apply the security policy
function applyMySecurityPolicy() {
    var oMyPolicy = null;
    
    var aPols = security.getSecurityPolicies();
    
    for (var index = 0; index < aPols.length; index++) {
        if (aPols[index].name === "Test") {
            oMyPolicy = aPols[index];
            break;
        }
    }
    
    if (oMyPolicy == null) {
        app.alert("Policy Not Found");
        return;
    }
    
    app.beginPriv();
    
    var rtn = this.encryptUsingPolicy({ oPolicy: oMyPolicy });
    
    if (rtn.errorCode != 0) {
        app.alert("Security Error: " + rtn.errorText);
    }
    
    app.endPriv();
}

//handle button click
function applySecurityButtonClicked() {
    app.trustedFunction(function() {
        applyMySecurityPolicy();
    })();
}

//button click event
app.addMenuItem({
    cName: "Apply Security",
    cParent: "Tools",
    cExec: "applySecurityButtonClicked();",
    cEnable: "event.rc = (event.target != null);",
    cMarked: "event.rc = false;",
});

Like this?

Where is this script located?  For proper operation it should be in a folder level script. 

Read these articles:

https://www.pdfscripting.com/public/Trust-and-Privilege-in-Acrobat-Scripts.cfm

https://www.pdfscripting.com/public/Using-Trusted-Functions.cfm

A trusted function can only be defined from a trusted (privileged) context.  Read the articles, they show the correct way to define a trusted function. 

No. The call to addMenuItem needs to go via a trusted function, like you did applyMySecurityPolicy, but that function needs to reside in something like a folder-level script file, and installed on the local computer of each user.

Maybe I did it wrong but I went to the Adobe folder from the C: Drive then navigated all the way to the JavaScript folder and then I created a file in there named secpol.js and put the same code that I have for the button in there. Then, I went to Security (Enhanced) and added the path to that file. Is that not correct? I still got the same error

The trusted function is not defined correctly. The code needs to be changed. 

First, delete the "applySecurityButtonClicked" function.

 Next Define the "applySecurityPolicy" function like this.

var applyMySecurityPolicy = app.trustedFunction(function (oDoc) {
   app.beginPriv();
 ...  your code ...
   app.endPriv();
});

 Now use this function in the "cExec" argument of the "addMenuItem" function. 

There is another problem with the code. It is a bad policy to use the keyword "this" in the "applyMySecurityPolicy" function, because there is a context switch when the menu item is called. The current object is not necessaryily the current document. Notice I've added the "oDoc" argument to the "applyMySecurityPolicy" function.  

This is how the function should be setup in the "addMenuItem"

 cExec: "applySecurityPolicy(event.target);",

So do I need to do anything about adding folder-level scripts? Anything that I have to do not in that code besides what you mentioned of course? 

No, any JS code placed in a ".js" file and saved to one of the two Acrobat JavaScript folders will be loaded and run at Acrobat startup. Loaded script are run as privileged.  So this is where any global variables, trusted functions, menu items, or toolbar buttons are defined.  

So I have this code. But unfortunately, I am still getting the error. (I added this code to the JavaScript Folder just in case not sure if thats causing an issue. 

// Define the "applyMySecurityPolicy" function with the trusted function
var applyMySecurityPolicy = app.trustedFunction(function (oDoc) {
var oMyPolicy = null;

var aPols = security.getSecurityPolicies();

for (var index = 0; index < aPols.length; index++) {
if (aPols[index].name === "MySecurityPol") {
oMyPolicy = aPols[index];
break;
}
}

if (oMyPolicy == null) {
app.alert("Policy Not Found");
return;
}

oDoc.beginPriv();

var rtn = oDoc.encryptUsingPolicy({ oPolicy: oMyPolicy });

if (rtn.errorCode != 0) {
app.alert("Security Error: " + rtn.errorText);
}

oDoc.endPriv();
});

// Create the button click event with the updated "cExec" argument
app.addMenuItem({
cName: "Apply Security",
cParent: "Tools",
cExec: "applyMySecurityPolicy(event.target);",
cEnable: "event.rc = (event.target != null);",
cMarked: "event.rc = false;",
});

Where did you place this code?

I linked it to my button. I also placed in C:\Program Files (x86)\Adobe\Acrobat 2020\Acrobat\Javascripts 

with the .js extension of course

You need post the actual error text, otherwise we have no idea what you are talking about. 

However, both the "beginPriv()" and the "endPriv()" are members of the "app" object. 

This is the source of at lease one error. 

What do you mean by, "I linked it to my button"?  If the button mouseUp script calls the  "applyMySecurityPolicy" function, then that's ok.  But again, if you don't tell us we have no idea what you are talking about. 

Also, getSecurityPolicies requires a privileged context, too. I recommend moving the call to the beginPriv method to the start of the function.

NotAllowedError: Security settings prevent access to this property or method.
App.trustedFunction:2:Field encrypt:Mouse Up

Thats the error I'm still getting and here is the updated code 

// Define the "applyMySecurityPolicy" function with the trusted function wrapper
var applyMySecurityPolicy = app.trustedFunction(function (oDoc) {
    app.beginPriv(); // Move the app.beginPriv() to the start of the function to create a privileged context
    
    var oMyPolicy = null;
    
    var aPols = app.security.getSecurityPolicies(); // Use app.security.getSecurityPolicies() to access privileged method
    
    for (var index = 0; index < aPols.length; index++) {
        if (aPols[index].name === "MySecurityPol") {
            oMyPolicy = aPols[index];
            break;
        }
    }
    
    if (oMyPolicy == null) {
        app.alert("Policy Not Found");
        app.endPriv(); // Move the app.endPriv() here to ensure it's called even if the policy is not found
        return;
    }
    
    var rtn = app.encryptUsingPolicy({ oPolicy: oMyPolicy }); // Use app.encryptUsingPolicy() to access privileged method
    
    if (rtn.errorCode != 0) {
        app.alert("Security Error: " + rtn.errorText);
    }
    
    app.endPriv(); // Use app.endPriv() to end the privileged context
});

// Create the button click event with the updated "cExec" argument
app.addMenuItem({
    cName: "Apply Security",
    cParent: "Tools",
    cExec: "applyMySecurityPolicy(event.target);",
    cEnable: "event.rc = (event.target != null);",
    cMarked: "event.rc = false;",
});

Not sure what I'm doing wrong here.

This code can only exist in a folder level script. It cannot be put inside a button on a PDF. 

That's what's wrong. 

So theres no way to apply the security policy from a button click?

No, put the code in a folder level script, then call the "applySecurityPolicy()" function from the button. That will work. 

But there other ways, read these articles:

https://www.pdfscripting.com/public/Trust-and-Privilege-in-Acrobat-Scripts.cfm

https://www.pdfscripting.com/public/Using-Trusted-Functions.cfm

Ok I will try that now thank you!

Sorry for the double post. Don't see where I can edit my previous response. So I did what you said (I think) I put this code in the javascript folder: 

//placed in the "JavaScript" folder
function applyMySecurityPolicy() {
    app.beginPriv();
    
    var oMyPolicy = null;
    
    var aPols = app.security.getSecurityPolicies();
    
    for (var index = 0; index < aPols.length; index++) {
        if (aPols[index].name === "MySecurityPol") {
            oMyPolicy = aPols[index];
            break;
        }
    }
    
    if (oMyPolicy == null) {
        app.alert("Policy Not Found");
        app.endPriv();
        return;
    }
    
    var rtn = app.encryptUsingPolicy({ oPolicy: oMyPolicy });
    
    if (rtn.errorCode != 0) {
        app.alert("Security Error: " + rtn.errorText);
    }
    
    app.endPriv();
}

Then I put this code in for the button:

function applyMySecurityPolicyFromFolder() {
    app.trustedFunction(function() {
        // Call the folder-level script's privileged function
        applyMySecurityPolicy();
    })();
}

app.addMenuItem({
    cName: "Apply Security",
    cParent: "Tools",
    cExec: "applyMySecurityPolicyFromFolder();",
    cEnable: "event.rc = (event.target != null);",
    cMarked: "event.rc = false;",
});

However, when I run this code I still get the 

NotAllowedError: Security settings prevent access to this property or method.
App.addMenuItem:15:AcroForm:encrypt:Annot1:MouseUp:Action1

The app.addMenuItem(...) code also needs to be in the folder-level script, although it doesn't have to be in a trusted function.

Did that and I'm not getting any errors. Now its just not applying the security policy that I have setup. Any ideas? It's not even printing out "Policy not found" no console is coming up or anything. Here is both updated codes
Folder-level:

//placed in the "JavaScripts" folder
function applyMySecurityPolicy() {
    app.beginPriv();
    
    var oMyPolicy = null;
    
    var aPols = app.security.getSecurityPolicies();
    
    for (var index = 0; index < aPols.length; index++) {
        if (aPols[index].name === "MySecurityPol") {
            oMyPolicy = aPols[index];
            break;
        }
    }
    
    if (oMyPolicy == null) {
        app.alert("Policy Not Found");
        app.endPriv();
        return;
    }
    
    var rtn = app.encryptUsingPolicy({ oPolicy: oMyPolicy });
    
    if (rtn.errorCode != 0) {
        app.alert("Security Error: " + rtn.errorText);
    }
    
    app.endPriv();
}

app.addMenuItem({
    cName: "Apply Security",
    cParent: "Tools",
    cExec: "applyMySecurityPolicy(event.target);",
    cEnable: "event.rc = (event.target != null);",
    cMarked: "event.rc = false;",
});

Document-level:

function applyMySecurityPolicyFromFolder() {
    app.trustedFunction(function() {
        // Call the folder-level script's privileged function
        applyMySecurityPolicy();
    })();
}

There's no such thing as "app.security.getSecurityPolicies()". It's just "security.getSecurityPolicies()".

Also, what version of Acrobat are you using that has a Tools menu? This hasn't been around for quite some time...

I'm on Acrobat Pro 2020. So should I remove the tools I was under the impression that was the menu on the side?