How to create an attachment

HI All,

I have a requirement to attach an image to a patient. To achieve this I have followed the following process:

AttachmentsContext attachmentsContext = Context.getRegisteredComponents(AttachmentsContext.class).get(0);

AttachmentsService attachmentsService = attachmentsContext.getAttachmentsService();
ComplexObsSaver obsSaver = Context.getObsService(ComplexObsSaver.class).get(0);|

try {
    Base64MultipartFile multipartFile = new Base64MultipartFile(base64Image);
    Obs obs = obsSaver.saveImageAttachment(null, florencia, null, fileCaption, multipartFile,

} catch (IOException e) {

I do not see any exception as such but same time i am not able to see the attachment on the specific patient. Any help in this is much appreciated.

Thanks, Vikram.

What is obsService.saveObs() used for? Did you also check the obs database table to confirm that it was not saved? How are you checking the attachment on the specific patient (which url)? Could it be that it is a user interface page that expects attachments which have visits or encounters?

HI @dkayiwa Thanks for your reply. I see i was able to store the attachment and above to see the attachment in “super user” attachment page. I am not able to see attachment for other users who have the privilege “App:”. Not sure of the problem.


Is it related to this? Give permission to upload attachments to a provider

Hi @dkayiwa Yes I am looking at the same problem. I see we have attachment module version 3.0.0 and I have enabled the privilege “App:” on our role.

Obs obs = obsSaver.saveImageAttachment(dummyVisit, florencia, orderEncounter, fileCaption, multipartFile, "Notes for user "+florencia.getFamilyName());

When I try to attach an image, I am able to see the attachment on a super account not on other accounts.

At the API level, App: will not work. We used to hack around it with Context.addProxyPrivilege(privilege) where we added the privileges required deep down in the API call chain.

In OpenMRS 2.x, we created a role Privilege Level: Full where we added all the necessary API level privileges: openmrs-module-emrapi/ at master · openmrs/openmrs-module-emrapi · GitHub

Then the app level privileges like App: are for enforcing user interface level permissions but when behind the scenes, at the API level, a number of privileges are involved.

Do you have the list of privileges that standard user’s have in your distribution? The attachments module mostly doesn’t add it’s own privileges, but users should have privileges to be able to view and get observations and concepts, at the very least.

HI @ibacher @dkayiwa We have provided Doctor, provider, a custom “Has associated patients” role and “App:” role for the user trying to access the attachment. Still we do not see any break so far.


So, as Daniel mentioned, the App: was a privilege for controlling an app in 2.x. It’s not applicable here. That’s why I was asking what other privileges you assigned to the Doctor role since that will actually control whether the user can see attachments or not…

Hi @ibacher I used the defualt openmrs doctor role, and Provider provider roles. I did not do any customization on these roles.

HI @dkayiwa

I get your point when working with an api. Our use case here is doing the same throguh an openmrs module. What are the permissions required for the attachments to be available for a non super user?

Thanks, Vikram Modugu.

When you look at the server side log, there should be some errors with the missing privilege.

Hi @dkayiwa and @ibacher, I also have difficulties to get attachments to work for openmrs3. I have a new docker installation without any changes to roles or permissions.

I find that when I give a user all roles apart from System Developer the attachments section is not displayed. I can reproduce this by adding and removing System Developer Role for the user.

I tried to understand how that role might differ from other roles, e.g. System Administrator, but the privileges for System Developer are not displayed.

I don’t see any related errors in the frontend or backend logs.

I am new to openmrs3 (great work btw) and might be missing some basic points, but it looks like I am stuck. I would greatly appreciate any help. Thanks Jo

The user needs to have the View Attachments privilege, which is usually added by the attachments module. Do you have the attachments module included in your install and the View Attachments privilege associated with your user’s role?

1 Like

Thanks @ibacher , that did the trick! I went to privileges in Admin and created a new privilege “View Attachments”. Then I added it to the provider role and it worked. :+1:

I still have one issue, though. I can upload a new attachment, but I don’t seem to be able to save it.

I’m not quite sure I understand what behaviour you’re describing? Maybe some screenshots would be helpful? There may be some other privileges need to actually create an attachment.

@ibacher As far as I can see Role System Developer has a save button all other roles don’t. See attachment Screenshot 2023-11-01 at 17.44.12

1 Like

I think I found the privilege. For anyone also interested, it is “Create Attachment”

I guess because of this, @ibacher?

  <UserHasAccess privilege="Create Attachment">
    <Button kind="secondary" size="lg" onClick={cancelCapture}>
      {t('cancel', 'Cancel')}
    <Button type="submit" size="lg" onClick={saveImageOrPdf} disabled={emptyName}>
      {t('addAttachment', 'Add attachment')}

Yes, it is. That’s in a awkward place. It’s this Add Attachment button that should have the privilege check, not the ones on the modal.