diff --git a/.vscode/launch.json b/.vscode/launch.json
index 33155498..396abc9b 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -45,7 +45,7 @@
         //"AYANOVA_LOG_LEVEL": "Debug",
         "AYANOVA_DEFAULT_TRANSLATION": "en",
         //TRANSLATION MUST BE en for Integration TESTING
-        "AYANOVA_PERMANENTLY_ERASE_DATABASE": "true",
+        //"AYANOVA_PERMANENTLY_ERASE_DATABASE": "true",
         "AYANOVA_DB_CONNECTION": "Server=localhost;Username=postgres;Password=raven;Database=AyaNova;",
         "AYANOVA_USE_URLS": "http://*:7575;",
         "AYANOVA_FOLDER_USER_FILES": "c:\\temp\\RavenTestData\\userfiles",
diff --git a/server/AyaNova/biz/BizRoles.cs b/server/AyaNova/biz/BizRoles.cs
index 81813957..1ff156fa 100644
--- a/server/AyaNova/biz/BizRoles.cs
+++ b/server/AyaNova/biz/BizRoles.cs
@@ -426,6 +426,19 @@ namespace AyaNova.Biz
             });
 
 
+            ////////////////////////////////////////////////////////////
+            //FILEATTACHMENT ADMINISTRATION
+            //This is not for attachments themselves which are tied to the object they are attached to
+            //this is for things like maintenance jobs or viewing lists of all attachments in general for bulk ops etc
+            //  NOTE: Attachments are considered business data and as such are not available to OPS roles
+            // who are not allowed to see biz data    
+            roles.Add(AyaType.FileAttachment, new BizRoleSet()
+            {
+                Change = AuthorizationRoles.BizAdminFull,
+                ReadFullRecord = AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
+            });
+
+
             ////////////////////////////////////////////////////////////
             //OPERATIONS / JOBS
             //Only opsfull can change operations