I've been reviewing user roles and user groups recently and restricting record form access/views (in the Blueprint forms library)

Users that aren't assigned to a form - either as part of a group (Grants manager or programme officer) or individually (single person) now only see a system default view, with minimal information or read only information on the record screen.

However, I would also like to take that further and restrict them from seeing particular documents attached to that record. For example, we might have a bank statement proof attached, which we dont want them to have access too, where as other staff do need to see this (our admin group for example). I don't want to restrict document access completely - just certain documents that might be sensitive.

Could we have an option when uploading documents manually - to tick a box to restrict to 'Admin' only (although that isnt particularly ideal as something could be attached without this being ticked)

And in future planning - if we were to collect these sensitive documents via the applicant portal (via a requirement form published to that portal) - it would be great to be able to set either individuals or a group to only have access to that download within the records - and have that hardcoded in the back of the requirement form.

(for example, when creating the requirement form in the applications form manager - to select access to that form and any attachments requested against it - only for the 'admin' group (Or individuals as assigned)

sorry if that sounds overcomplicated!