Forum Discussion

Denin's avatar
Denin
Qrew Assistant Captain
2 days ago
Solved

Secure Links & File Attachments

I have an EOTI user and role. They can only access records where the key = valid. This much works as expected. The problem is on records they can access, if they click a file attachment (just a field on the same record), it returns a Quickbase not found error page. Doesn't let them access the attachment.

In the Quickbase docs it says:

"You can use the EOTI group to provide access to file attachments at a more granular level than what Quickbase offers, that is, using Quickbase without custom code or API access from a separate environment."

So it seems like it should work. What am I missing?

other
  • MarkShnier__You's avatar
    MarkShnier__You
    16 hours ago

    I'm guessing it's possible that File attachments do not recognize access keys. But if you go to the field properties for the File attachment field and enable this checkbox below, then anyone on the Internet, even those without a secure access key will be able to view the file. So it does in theory lower your security threshold, but in reality, nobody can really get to the record to click the link unless they had the secure access key in the first place.

    Allow open accessAllow access to this file attachment from a Quickbase link without signing in

4 Replies

  • MarkShnier__You's avatar
    MarkShnier__You
    Icon for Qrew Legend rankQrew Legend
    2 days ago

    If you were willing to set the checkbox on the file attachment field to allow users who are not logged in to see the file attachment, that will no doubt solve the problem. 

    • Denin's avatar
      Denin
      Qrew Assistant Captain
      2 days ago

      Thanks for the reply Mark. Can you clarify what you mean? Want to be sure I understand.

      They can see the field and file named on the record with the secure key access. But clicking on it returns a not found error. A logged in user has no error, or if I change EOTI permissions so they can just view everything without a secure key, then it works also. Seems file attachments don't recognize access keys.

      • MarkShnier__You's avatar
        MarkShnier__You
        Icon for Qrew Legend rankQrew Legend
        16 hours ago

        I'm guessing it's possible that File attachments do not recognize access keys. But if you go to the field properties for the File attachment field and enable this checkbox below, then anyone on the Internet, even those without a secure access key will be able to view the file. So it does in theory lower your security threshold, but in reality, nobody can really get to the record to click the link unless they had the secure access key in the first place.

        Allow open accessAllow access to this file attachment from a Quickbase link without signing in