Actually security roles do not impact a person's ability to open attachments. What kind of attachment is it? Is this a file that has been added from a shared file storage location like OneDrive/Google Drive?
What page specifically does this person reach when they attempt to access the file (screen shot)?
Sr Support Consultant, CS