Hi,
You can use the authorization concept to achieve the same. There are authorization objects which will identify the attachment level and the user. Hope all your queries are answered in the KBA: 1539457 - Authorization concept while modify/delete attachments from Attachment list of Services for Object (GOS) You may check the same and revert back in case you need additional information.
Regards,
AKPT