
This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

'Access When' rules do not prevent attachment views or downloads



The 'Access When' rules do not prevent attachment views or downloads.

Error Messages

Not Applicable

Steps to Reproduce

  1. Add 'Never' to view the attachment.
  2. Click an attachment in the Case Attachments section. A popup displays indicating lack of security (OK).
  3. Click Edit attachment.
  4. Open the Version History.
  5. Click the attachment name. The attachment downloads.
  6. Attach a new document using Pulse.
  7. Click Attachment in the Pulse feed. The attachment displays and the user can download it.

Root Cause

Since the pyConfigureButton section was designed, access checks have not been included out of the box in the pyManageAttachment activity or in pxGetObjectFromCMIS. This may be to give users flexibility in deciding how to use When conditions for attachment categories.
For attachments stored in the Pega database, the attachment access checks have been included from the beginning, so access control works correctly for them.


Perform the following local change:

1. In the pyManageAttachment activity (available rule):

a. Add Step1.
b. Add a When condition that invokes the pxHaveAttachmentSpecificAccess function (as in GetAttachmentReference Step 5) to determine the current user's access to the category.

If it returns false, set the error message on the .pyCMISDetails.pyErrorMessage property, because the pxCMISAttachmentDetails section checks for error messages on this property.

2. The When condition is as follows:

    @pxHaveAttachmentSpecificAccess(Primary, "pyAllowViewAll")

3. Configure the properties as follows:

    Param.pyErrorMessage = @Utilities.getLabel("Unable to open the attachment_You lack the required permission", "@baseclass", tools)

    .pyCMISDetails.pyErrorMessage = Param.pyErrorMessage

To avoid opening a modal dialog, perform the following steps:
  1. Customize the pyConfigureButton section to invoke pxOpenLinkAttach as the first call.
  2. Call the data transform or activity that invokes the pxHaveAttachmentSpecificAccess function to check the access.
  3. Set an error on a property (for example, pyErrorMessage) when there is no access; otherwise, leave it blank.
  4. In the section, on the Local Action configuration, add a When condition with 'Other property' that checks for an empty string before launching.
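
The following is an added illustration, not Pega code and not part of the original article. It is a small Python model of the three paths in Steps to Reproduce, showing why a check on only one UI path leaves the others open and why a check in the shared retrieval step, reported through an error field, closes all of them. All names, the sample user and the sample attachment are constructed for this example.

```python
# Constructed model, not Pega code: names only echo the article for readability.
from dataclasses import dataclass, field

DENIED = "Unable to open the attachment. You lack the required permission"

@dataclass
class Attachment:
    name: str
    category: str
    content: bytes

@dataclass
class User:
    name: str
    viewable_categories: set = field(default_factory=set)

def have_attachment_access(user, att):
    """Stand-in for evaluating the category's 'Access When' rule."""
    return att.category in user.viewable_categories

def fetch_unchecked(user, att):
    """Shared retrieval step with no access check (the reported behaviour)."""
    return {"content": att.content, "error": ""}

def fetch_checked(user, att):
    """Shared retrieval step that checks access first and sets an error field."""
    if not have_attachment_access(user, att):
        return {"content": None, "error": DENIED}
    return {"content": att.content, "error": ""}

def case_attachments_click(user, att, fetch):
    # The only path with its own UI-level check (the popup in step 2).
    if not have_attachment_access(user, att):
        return {"content": None, "error": DENIED}
    return fetch(user, att)

def version_history_click(user, att, fetch):
    return fetch(user, att)   # steps 3-5: no check of its own

def pulse_feed_click(user, att, fetch):
    return fetch(user, att)   # steps 6-7: no check of its own

PATHS = {"case_attachments": case_attachments_click,
         "version_history": version_history_click,
         "pulse_feed": pulse_feed_click}

def paths_returning_content(user, att, fetch):
    """Names of the entry paths that hand the attachment bytes to this user."""
    return sorted(name for name, path in PATHS.items()
                  if path(user, att, fetch)["content"] is not None)
```

Running `paths_returning_content` for a user without access is a compact regression check: any name it returns is a path that still bypasses the category rule.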

Published October 22, 2019 - Updated December 2, 2021
