Is it possible to allow a restricted user to access the transaction items but cannot access the attachment?
This is for the occasion when I want to share the book to someone but don’t want to give them too much detail information contained in the invoice (such as product parameters, contact person, etc)
I would assume not.
But if this is a critical thing for you - there is a way. Build a separate application that accesses Manager using the REST API, and display only the information you need on the other application. You would control how the user authentication system works and what each user can see. This requires a developer in your local area to build it.
Thanks for your suggestion, I think of another work around. I just use the link in notes instead of attachment, and use another system to control the access of the linked file.
That is an excellent idea, and would definitely work.