Security Update: Enhanced Access Controls for Attachment Fields
We’re actively rolling out a major security enhancement to attachment fields, giving you more control over how secure files are accessed within your app.
What’s New?
Secure files are now only accessible within your app, even on insecure pages. Additional restrictions can be applied to limit access based on user roles or relationships.
You now have three new file access restriction options:
1. Restrict by Logged-In User Field
Restrict access to users who are directly connected to the file via a field that links to the Users table.
Example: A “File Uploaded By” field connects the record to a specific user. Only that user can download the file.
2. Restrict by Logged-In Role
Allow only users with a specific role (e.g., Admin, Manager) to download the file.
3. Restrict by Role or Field (OR Logic)
Combine both restrictions to allow access to either:
- The connected user (from option 1), or
- A user with a specified role.
Ideal for use cases like: “Only the file owner or an Admin can access this file.”
Please Note:
These options only apply to secure files and do not override access restrictions defined in the builder. Be sure to configure secure file access appropriately within your app settings.
We'd love to hear your feedback.