I would like to set file (attachment) permissions for users in TestDirector so that only a certain group of users are allowed to modify, delete, or upload attachments; another group of users should have read-only permissions. Any ideas?
You should be able to do this through Group permissions. If you don't have tdadmin rights, get the person who does to check this for you. Put the users into different groups according to their function. For those who you want to deny Attachment permissions, set the group permissions to deny Attachments.
As for read-only, I don't think there's an impact from permissions once the attachment is actually uploaded. So, the group that you deny Attachment permission to should still be able to look at the attachments.
Try it out and tweak as needed to fit your needs.
Bob is right, except on the Defects module for which the Attachments field does not appear in the list of fields that you can disable for a given group (at least in TD80SP2).
For that case, and for denying upload of attachments to a given group, you'd have to use the workflow. There are Attachment_CanOpen functions in all modules that you'd have to program to return false if User.IsInGroup ("<not allowed>"). Same thing with Defects_Attachment_CanPost, Defects_Attachment_CanDelete and Defects_Attachment_New.
As an alternative for the management of defects attachments, you can make advantage of a known problem (Mercury KB #18572) by creating your special group as a copy of the Viewer group. "If you created the user group and copied permissions from the Viewer Group originally, some hidden permissions that the Viewer Group does not have cannot be turned on".