How to allow macros in LibreOffice/share/basic for AutoOpen

eibo · March 9, 2026, 10:45am

If I setup macro security to very high I am able to put the read only template folder in the list of secure locations and running a macro on DocumentCreate works. Unfortunately the new document looses its connection with the template, so it is not possible to have a read only secure folder for macros this way after the initial creation of the document.

If I instead put all macros in a library in the installation path (/usr/lib/libreoffice/share/basic or C:\Program Files\LibreOffice\share\basic), which is again readonly for regular users, all of these macros are running fine, if (!) I start them by hand. If I attach one of these macros to a DocumentOpen event it will trigger the yellow bar stating running macros is not allowed. I find this quite inconsistent and wrong, as systemwide macros in the system folder should in my opinion be runnable no matter what.

Is there any way to get to run a macro securely, that is from a read only location, automatically on DocumentOpen?

Villeroy · March 9, 2026, 11:39am

The trusted paths do not refer to the code. They refer to the location of documents allowed to call macro code.
Simple rule: Include your documents directory or some subdirectory therein, but never allow the downloads directory.

mikekaganski · March 9, 2026, 12:09pm

There is code in those locations that may be used for unexpected purposes, e.g., to read files. The location of the code (that it is in a “locked” place) is not a guarantee that executing it from untrusted file is safe.

sokol92 · March 9, 2026, 12:13pm

I didn’t quite understand the question.
If a user adds a resource available to other users to the list of trusted locations, files in that folder containing macros will open without further prompting. Macros bound to the file open event will also run without further prompting.

eibo · March 9, 2026, 4:16pm

This would be highly insecure indeed, anybody might move files from the download folder into one of those trusted paths. As stated in the BSI document security in LibreOffice, trusted paths must not be writable by users.

Villeroy · March 9, 2026, 4:30pm

Well, first they have to move downloaded files deliberately into their own document space where they should be able to do whatever they want. Read-only documents calling macros make no sense, unless the macros manipulate documents other than the calling one which is a rare corner case.

sokol92 · March 9, 2026, 4:39pm

In my opinion, this is a common practice for companies: sample documents (and/or templates) in a shared folder. Authors have full access, while consumers have read-only access.
The document may contain macros, menus, …