Improve case security by ensuring that users can interact with content that is appropriate for their role only. When you define conditions or privileges in an attachment category, you control which actions a user can take on a case attachment.
For example, when working with a loan request case type, only a manager can access documents that contain customer's sensitive data.- In the navigation pane of Dev Studio, click App.
- In the class of the case type that you want to configure, expand the Process section.
- Click Attachment Category, and then click the name of the attachment category that you want to configure.
-
Identify the case attachments types that your attachment category supports:
- Click the Availability tab.
- Select the check box next to one or more relevant attachment types.
-
On the Security tab, restrict user actions on the attachment
types:
Choices Actions Restrict user actions accordingly to a privilege - In the Access control list by privilege section, in the Privilege field, enter a privilege that you want to use to grant user actions.
- Select a check box in one or more columns, based on the user operations that this privilege grants. For example: To allow users to delete attachments that they create, select the Delete own check box.
- To add more privileges and specify other actions for each privilege, click Add privilege, and then repeat steps 5.a and 5.b. Result: At run time, users with the specified privileges can perform actions that you assign to each privilege.
Restrict user actions accordingly to a when condition - In the Access control list by When Rule section, in the When field, enter a when condition that you want to use. For example: Select a when condition that at run time evaluates if a user belongs to a Managers access group.
- Select a check box in one or more columns, based on the user operations that this privilege grants. For example: To allow users to add attachments to a case, select the Create check box.
- To add more when conditions, click Add when, and then repeat steps 5.a and 5.b. Result: At run time, if a when condition evaluates to true, users can perform actions that you associate with the when condition.
Note: The absence of a privilege or when condition does not automatically restrict a user operation. For example, if you define a condition that allows users to create attachments, ensure that you also define another condition that restricts editing, viewing, and deleting attachments. - Optional: To allow users to choose which teams can access the attachments that the users provide, select the Enable attachment-level security check box.
- Click Save.
- Extension points and supporting rules for attachments
You can use extension points, system settings, and standard rules to customize the processing that occurs when you add an attachment to a case. For example, you can scan an attachment for viruses.