Any recommendation to mitigating potential issues for downloading attachments for some specific users?Issue ProblemCustomer is using scripted access on whitelist IP address to restrict external users to download attachments to personal devices. Is that a good option to use? ReleaseGenericResolutionSteps to Resolve You can continue using the scripted access controls to define a whitelist for the export function. The only potential problem with that is to maintain the amount of IP addresses. The other option you can use is restrict the access by external / internal roles and avoid the feature for external users combined with security attributes on the ACLsFor more information about that, you can check this.=> Explicit Role plugin (instance security hardening)=> Security attributesNote: Consider to review that first before implementing because for some customers could be a big change depending of the validations provided by the documentation. Also, if decided to use it, we recommend to do that in a sub-prod instance first.