The real issue is a design issue. So even if we do create rights for the ability of opening these files thru the software users would still be able to browse in windows to the attachment folder and see all files.
So if they are highly sensitive this option would not be secure enough. So instead of giving a false sense of security we did not implement this yet.
What do you think?