Ability to set security so users can see only certain attachments

Sometimes auditors are given access to parts of HRMS and would need to look at attachments. Currently you can either see every attachment or none of them. This would also help streamline what users can have access to, so that HIPAA is not violated.