In my custom module I use ir.attachment. I added a custom group .

I am trying to set the only read access to the group members.

<record id="ir_attachment_rule_document_access" model="ir.rule">
        <field ref="base.model_ir_attachment" name="model_id"/>
        <field name="name">Document Access</field>
        <field name="perm_read" eval="True"/>
        <field name="perm_write" eval="False"/>
        <field name="perm_create" eval="False"/>
        <field name="perm_unlink" eval="False"/>
        <field name="groups" eval="[(4, ref('lmc_crm.group_doc_user'))]"/>
</record>

I added the access rule in security file,but does not working.(The still read,write,create and unlike acces still there).

Questions 

1)How to set access rule correctly in ir attachment.?

2)is any other method to set the only read access to particular group?