Modifying Security Settings for Attachments

One of the features of the Aptify framework is the ability to attach files to any top-level record in the system (on the Attachments tab which appears on all top level forms).

Attachment security in Aptify starts at a global level but can be applied on a per-entity or per-category basis.

At the global level, a user's basic access to create, read, edit, and delete attachments is based on his or her's permissions to the Attachments entity (see About Entity Level Security for information on general entity security). For example, if a user does not have Create access to the Attachments entity, then that user will not be able to add attachments to any record in the system.

Assuming that the user has appropriate access to the Attachments entity, the next layer of security is applied at the entity level. By default, attachment security for a particular entity uses the security settings for that entity. For example, if a user has Delete permissions to the Attachments entity but does not have Delete permissions to the Persons entity, that user will not be able to delete attachments linked to Persons record.

However, an administrator can also define specific security settings for attachments at the entity level that differ from that entity's general security settings. The process for defining attachments security at the entity level is described later in this topic.

Finally, assuming that the user has appropriate access to the Attachments entity and the appropriate attachments security access at the entity level, administrators and users can also apply security at the Attachment Category level. If an Attachment Category is defined with no User or Group Permissions, the attachment permissions for the corresponding entity apply. However, users and administrators can also define specific security settings for an Attachment Category, which can be used to prevent unauthorized users from seeing sensitive documents that are attached to records that the users can otherwise access.

See Working with Attachment Categories for information on defining security for an Attachment Category.

The following steps describe how to modify attachments security at the entity level so that is different from the entity's general security settings:

1. Open the Entities record for the entity whose attachment security you want to modify.
2. Click the Security > Options tab.
3. Select the Use Specific Attachment Permissions option.
   • When this option is cleared, Attachments for that entity use the entity's defined User and Group Permissions (as described About Entity Level Security).
   • When this option is selected, the Group Attachment Permissions and User Attachment Permissions sub-tabs appear under the Security tab.  
     
     
4. Click the Group Attachment Permissions tab or the User Attachment Permissions tab and create an Entity Attachment Permissions record for each group or user that needs to access attachments for the specified entity.
   • For each group and user, select the check box next to the rights you want to grant to that user or group. The options are:
     • Read: User or Group members can see and open files attached to records in this entity.
     • Create: User or Group members can add new attachments to records in this entity.
     • Edit: User or Group members can modify existing attachments to records in this entity (this includes updating the attachment and renaming it).
     • Delete: User or Group members can delete attachments from records in this entity.
       
       
5. Add Entity Attachment Group and/or User Permission records for each user or group that needs access to attachments for this entity.
6. Save and close the entity.