Security Manager / Attachments

[Alice]

May be a really dumb question...

Does anyone here wish that a user could have access to an Attachment Category to Attach only, not View?
Currently in order to add an attachment, they are also required to have access to view. Sure you're able to remove View and OK out of Security Manager but when you go back in, View has green check next to it again.

Would also like opinions whether or not it's worth requesting a PMR to change this or not.

Thanks!

[Jan Regnier]

Sure you're able to remove View and OK out of Security Manager but when you go back in, View has green check next to it again.

Could that be because they are are a setup under a group that has that privilege also?  Individually and a group member with the same access..  Would have to take them out of the "group" and then reset the individual....??

[Alice]

All changes made to groups only, not individuals. I created a group to have full access to this one particular category. went to the other groups and removed access to View. Clicked OK, got the usual message about logging out and back in for changes to take affect.  Open Security Manager again, look at that one category in one of the groups I removed it from and it's back to Grant.

Can someone else test this please?

[Lance Bateman]

Alice, I do believe View is required if you're giving any other rights.  But I'm curious - why would you want to allow an attachment to be made but not allow them to view it, such as validating they put it in the right place?

[Alice]

Well, the data techs attach all things. There are no written instructions on which information needs to be redacted, like marking out checking accounting numbers and such. So they decided that only three people will have access to view these forms once they've been attached.  So they can attach but not view afterwords. I can't seem to keep the View unchecked no matter what and it's making me bonkers. I may end up removing total access to that category for everyone and tell those three that one of them will need to be responsible for attaching the forms.
I'm sure there's logic there somewhere but I suppose they'd rather limit access than teach everyone what should be removed before atttaching.

[Lance Bateman]

One approach - which was used at three bank-owned agencies I worked at (nevermore, quoth the Raven) - employee signed document of privacy of information.

[Alice]

Wish it were that easy. I'm told this has something to do with PCI Compliance and out of my control. So either insurance goes back to all theses attachments, redacts the info, rescans and deletes the original attached, or they limit access to only those who have a legitimate reason to view.
And no matter what I do to try and get this to work...nothing is working. Time to make the call...

[Lance Bateman]

You don't want to delete the original - it should always be kept, for legal reasons.  Not sure what to suggest, Alice - you do have an "interesting" (as in "may you live in interesting times" - the Chinese curse?) office.

[Alice]

I agree Lance. That's why I need to deny and grant only those three that need it (upper management).
So I found this and emailed support to ask if it's still this way or has it been revised since 2005. Awful lotta work for one category. Will keep me busy this weekend fer sure.
KB33714

https://www.appliedsystems.com/apps/Knowledgebase/Main.aspx?kb=33714

[Alice]

Here's an update.  There is a known bug when it comes to making changes to attachment categories in Security Manager. I contacted support after spending three hours following the instructions in the KB article and nothing was saving. So now I get to rename 11 security groups, make the changes then click apply. Makes for an exciting weekend.