Setting Security for Attachment Types

Use the VA Attachment Type Security form to set security for attachment types.

This is useful when certain documents are confidential, and you do not want all users to have access. For example, you could restrict access to the HR Drug Test Results, HR Employment App, and other attachment types that are usually associated with documents that may contain sensitive information.

Note: Even though users may have been given access to an attachment type, to view documents that are attached to a data record, those users must have permissions to view the record in the form. See VA Form Security for giving users access to forms.

Assign security for all users prior to allowing them access to the system. It is recommended that you assign security to groups of users. Then, if desired, you can customize individual user settings. These access levels are available for attachment type security access:

  • Allowed – Use this option to grant access for the specified attachment type.

  • None – This option does not set any specific access to the attachment type. It is most commonly used at the user level to defer security to the group level.

See VA Security Groups and About the Interaction Between Group and User Level Security Settings to learn more.

To set security for attachment types:

  1. In the DM Attachment Types form, confirm that the Secured box is checked for the attachment types to which you want to apply security settings. You can set up security on only these secured attachment types.
  2. Open the VA Attachment Type Security form.
  3. In the Attachment Type field, either:
    • Enter the attachment type for which to set up security, or press F4 for a list of attachment types

    • Leave this field blank to set up security on all attachment types

  4. In the Company section, select to filter by either a Select Company or Across All Companies.
    • If you selected Select Company, enter the company number in the text box, or press F4 to select from a list of companies. If you do not see a company in this list, you may not have been granted form security permissions to administer attachment type security for that company.

    • If you do not have security permissions for all companies, the all-companies option displays as Across Companies I have permissions for. For more information, see Company.

  5. In the Group/User section, select to filter by either Security Group or User.
    • If you selected Security Group, enter a specific group in the text box, or leave it blank to filter by all groups.

    • If you selected User, enter a specific user in the text box, or leave it blank to filter by all users.

  6. Click the Refresh button. The system displays all records matching the filter criteria in the grid.
    Note: The grid displays only secured attachment types (the Secured box in DM Attachment Types is checked).
  7. Set access levels:
    • To set access levels for individual records: In the grid , use the drop-down in the Access column to set the access level for each attachment type.

    • To set the same access level for all records: Click Initialize Access Level. In the Initialize Security Access form, select an option in the Access Level section and click Apply. The Initialize Security Access form closes, and all records in the VA Attachment Type Security grid display the same access level.

    Note: By default, attachment security is set up on the following:
    • Audit reports attached using the HQ Batch Control form are assigned the HQ Sensitive attachment type.

    • PR Ledger Update audit reports are assigned the PR Sensitive attachment type.

    Note: Users needing access to these must be given access to the HQ Sensitive and PR Sensitive attachment types.
  8. In the VA Attachment Type Security form, click the Apply button. A message displays stating that the system updated query security successfully.
    Note: If you set attachment type security for security groups, and then need to customize an individual user, repeat the above steps with filtering by that user and then changing the access level appropriately for individual attachment type.