Restricting access to attachments

You can use attachment categories to restrict user operations. By controlling the actions that users can take, you provide security for the attachments in your cases.

Run-time procedure: In the Take Action section, select the Enable Security check box. This displays the Category Limit access to: drop-down list. Select a work group that you do not belong to. Click Submit and open the attachment list. Select the note. It does not open and a warning message displays even though you met the when rule condition defined by the category rule.
  1. Create an attachment category for each business classification of attachments in your application
  2. Add the attachment categories to a case type
  3. Open the Attachment Category form.
    1. In the navigation panel, click Case types, and then click the name of a case type.
    2. On the Settings tab, click Attachment categories.
    3. Click the name of the attachment category.
    4. In the Category field, click the name of the attachment category.
  4. On the Availability tab of the Attachment Category form, select a check box for each attachment type that your attachment category supports.
  5. On the Security tab, define how user operations are restricted. You can provide any combination of privileges and when conditions.

    • To restrict user operations by privilege:

      1. Click + Add privilege to add a new row to the grid.

      2. In the Privilege column, press the Down Arrow key and select the name of a privilege.

      3. Select a check box in one or more columns, based on the user operations that are granted by the privilege.

        For example, select the check box in the Delete own column to allow users to delete attachments that they create.

    • To restrict user operations by when conditions:

      1. Click + Add when to add a new row to the grid.

      2. In the When column, press the Down Arrow key and select the name of a when condition.

      3. Select a check box in one or more columns, based on the user operations that are granted by the when condition.

        For example, select the check box in the Create column to allow users to add attachments to a case.

      4. Repeat steps a through c by selecting a when condition that uses the Never condition for user operations that are denied.

        For example, if you define a condition that allows users to create attachments, you must define another condition that restricts editing, viewing, and deleting attachments. The absence of a privilege or when condition does not automatically restrict a user operation.

  6. Optional: o allow users to control which work groups can access a specific attachment, select the Enable attachment-level security check box.

    At run time, users are prompted to provide the name of a work group.

  7. Click Save.

Each user operation is available for an attachment only when all when conditions return a true value, the user belongs to the required work group, and the user holds at least one of the required privileges.