File Attachment Defaults: How are they handled?

I’ve been searching around the forums and issue tracker for a way to manage default publicity levels when uploading files. To date, I’ve only found unanswered questions on and github issues that haven’t really addressed a configurable default in any meaningful way. Looking at the code and the way it currently appears to work, it goes something like this:

Is the file an image?

  • No: mark the file as private
  • Yes: make it public

There is also a checkbox at the top of the form that adds to the confusion. It says “Make all attachments private” (unchecked), but it doesn’t have anything to do with the initial public/private status of the upload.

If this is indeed the way default publicity levels work on file uploads, it is inadequate for us. In our case, we work with our client’s images, and we don’t want the liability that comes with publishing their images online, even if nothing links to them. Sure, we can address this to an extent with training, but employees are only human and files will be uploaded publicly.

Here are a couple examples of questions on None of them have workable solutions:

Some issues on github:

Is there any way to make the default for uploaded images private that doesn’t involve forking frappe? A setting, or some way to change the default behavior via code?


Thanks for your post. We have the same very critical issue. We need a way to make sure all uploads are private by default. Hope there will be a solution soon!

It also appears that even if you set the upload to private, the file’s URL is still accessible to any logged in system user. This would be a concern if the file / image uploaded is confidential, say, to a particular user/employee.

1 Like