Can uploading attachments via a Service Request be restricted to certain users?

Hello

During a recent cybersecurity event, a vulnerability was found within TD, in regards to attachments: anybody can attach them, and they are not scanned for viruses or scripts, etc.

I understand that email is a bit more locked down (based on this article (https://solutions.teamdynamix.com/TDClient/1965/Portal/KB/ArticleDet?ID=9569). Is there a way that we can restrict or limit adding an attachment to only those customers who are logged into TDNext? If not, are there any steps I, as the TD Admin, can take to control this?

 

Thank you

Thank you,

 

Eugene McGeehan

UNH Project and Portfolio Management

TeamDynamix Application Administrator

University of New Hampshire

 

Tags attachment
Asked by Eugene McGeehan on Thu 1/12/23 4:28 PM
Sign In to leave feedback or contribute an answer

Answer (1)

This answer has been marked as the accepted answer
Brittany Renn Thu 1/12/23 5:00 PM

Hi Eugene, 

There is not a setting that facilitates restricting who can add attachments to a ticket. If you have permission to view the ticket in the client portal or in TDNext, you can add attachments to it, because that should mean you were either the Creator of the ticket, the Requestor of the ticket, or a Contact on the ticket.

Please let me know if you have further questions. 

Best,

Brittany Renn

TDX Support

No feedback
Can attachments be restricted by type? As in, only allow say, .doc, .xls, or .pdf? - Eugene McGeehan Fri 1/13/23 8:59 AM
Unfortunately that is not possible. The system is configured in its code to accept the files mentioned in the following KB: https://solutions.teamdynamix.com/TDClient/1965/Portal/KB/ArticleDet?ID=9569 - Mark Sayers Fri 1/13/23 9:13 AM
We don't scan files that are uploaded, but you can restrict who can upload them (in a way) by not having the attachment field on your public forms. - Mark Sayers Tue 1/17/23 9:56 AM