We are having an odd issue with attachment security which seems to be somewhat intermittent. From time to time, certain users will have issues opening up specific attachments on GSM specifications. Meanwhile, users in the same groups with the same site access can still open up the attachments. What does the system use to determine whether or not a user can open an attachment on a GSM Specification?
If they are users with the exact same permissions then it sounds like a potential bug or general deployment issue. However, you could have object level security turned on. If you see the "classification" field on a supporting document that means you have it turned on. If it is on, user groups need to be associated with the specific classifications to have access. If the user doesn't have access to the classification they won't be able to open the supporting document.