I’ve got a file object related to a user and I want only the related user to be able to access/download the file.
I’ve noticed that it’s possible to access files by incrementing the ID in the URL, for example if I got the URL below I could keep incrementing until I got another file that potentially wasn’t related to my User record.
HOSTNAME/file/record_field_file/153203/file_id/filename.pdf (not related)
Is it possible to put restrictions on this to prevent anyone from being able to do this. I had a look on the file object settings but couldn’t see anything.