Attachment Category form
Completing the Security tab
|
|
Use this tab to restrict user operations for attachments of this category and work type based on privileges and when rule. The user must meet any one restriction (privilege or when rule) to gain access.
For more information, see How to use attachment categories.
Access Control List by Privilege
Complete this optional array to limit user capabilities for attachments of this category based on privilege rules. If blank, no privilege is required. However, when rules (if specified in the Access Control by When Rule array) still apply. If an operation check box is not selected (blank), the qualified user cannot perform it.
Field |
Description |
| Access Control List by Privilege |
|
| Privilege Name |
|
| Create |
Select to grant the ability to add attachments of this category to only those requestors who hold the privilege in the Privilege Name field. |
| Edit |
Select to grant the ability to edit attachments of this category to only those requestors who hold the privilege in the Privilege Name field.
|
| View |
Select to grant the ability to view attachments of this category to only those requestors who hold the privilege in the Privilege Name field. |
| Delete Own |
Select to grant the ability to delete attachments of this category that they added earlier to only those requestors who hold the privilege in the Privilege Name field. |
| Delete Any |
Select to grant the ability to delete any attachments of this category to only those requestors who hold the privilege in the Privilege Name field.
|
For an example, see the Pega
Developer Network article 
PRKB-25589 How to enable attachment security using attachment categories.
Attachment category rules do not allow
anyone to delete correspondence items, a special form of file attachment. The system retains
correspondence as a permanent record of information that was
conveyed to an outside party or system.
Access Control List by When Rule
Complete this optional array to limit user capabilities for attachments of this category based on when condition rules. If this array is blank, there are no when condition tests for access. However, privileges (if specified in the Access Control List by Privilege array) still apply. If an operation check box is not selected (blank), the qualified user cannot perform it.
Field |
Description |
| Access Control List by When |
|
| Rule |
You can reference the standard rule @baseclass.always to enable capabilities. |
| Create |
Select to grant the ability to add attachments of this category to runtime environments where the when rule evaluates to true. |
| Edit |
Select to grant the ability to edit attachments of this category to runtime environments where the when rule evaluates to true. |
| View |
Select to grant the ability to view attachments of this category to runtime environments where the when rule evaluates to true. |
| Delete Own |
Select to grant the ability to delete attachments of this category that the same operator added to runtime environments where the when rule evaluates to true. |
| Delete Any |
Select to grant the ability to delete any attachment of this category to runtime environments where the when rule evaluates to true. |
Field |
Description |
| Enable Attachment Level Security |
Select to allow the operator who attaches a file attachment of this category to identify one or more work groups that have access to the attachment. This attachment-level restriction, if enabled, operates in addition to and independently of any restrictions defined on this tab for the category. For an example, see Pega Developer Network article |
The order of rows in this array is not significant. When multiple rows associate a privilege and a capability, a user must hold at least one of the privileges. 
Select a Privilege Name — second key part of a privilege rule. When you save the rule, the system uses the Applies To class of this attachment category to validate the privilege name.