I have a module for version controlling important company documents. The main model has a Many2one field to ir.attachment like so...

class Document(models.Model):

...other fields

attachment_id = fields.Many2one(comodel_name='ir.attachment')

...methods

In this module I created an administrative group that alone has the permissions to create, edit, and delete the Document model; all other users have read only access. These documents are supposed to be version controlled by management and made accessible to employees for their respective jobs.

The problem I am running into is that any user can just navigate to the form view for a Document record's related attachment and edit it to their hearts content. The reason why this occurs is because access controls and security rules are defined per model; however, in this case, I need the related attachment to inherit the access and security rules of the Document model.

I am scratching my head trying to think of the cleanest way to solve this problem. So far I have the following ideas.

1. Just use fields.Binary field with attachment=True. This way the property is set directly on the Document model and thus all access and security rules will be enforced. My understanding of the "attachment=True" attribute is that it transparently creates an ir.attachment record for you behind the scenes. However, it does not appear that you can access the related attachment record that the framework creates for you, which seems less flexible to me.

2. Add a record rule that restricts modifying an attachment record unless you are the owner of that attachment. This could ork, but it could have some negative consequences down the road in situations where multiple users need access to attachments.

3. Create a new model that inherits "ir.attachment". Any access control  rules and security rules applied to this new model will be isolated and will not effect the behavior of attachments in other modules.

Any thoughts ans suggestions would be greatly appreciated.