Hello, I have created a privacy rule for uploading files restricted to an admin role, and attached the file to a thing in my DB.
However, the file can still be viewed, and it gives me a URL with an AWSAccessKeyID and an Expires field. This link can still be accessed in incognito without logging in.
Any ideas? I’ve tried different variations of privacy rules, but it still seems that the files have a link which can be accessed without needing a specific user role.
Your file is secure if you have set your privacy rules correctly and make file private. This link is only created for the logged in user when this user access the file (and have an expiry date) or from the DB/filemanager
@Jici How do I make it so that in the front end, it doesn’t create this link. Even when I’m logged out and create a workflow to open the file, it still opens with the entire link (expiry date + aws key)
In your screenshot… What is the field that store the file?
Also, are you sure that “parent group vendor_registration” have an item set? What if you inspect?
Because according to your screenshot, if the privacy rules is the one for vendor registration, is shouldn’t be possible to see the whole item, not just the file. So if you see the item too, you are logged in…