You are correct. I can restrict certain documents by using QueryOpen event.
The interesting point here is, those documents contain attachment also. So If the restricted user opens the document, I can restrict them in QueryOpen.
But if the restricted user opens the attachment which is in the document by using direct URL, How can I enforce the security on that? for eg of URL, http://Host/Database/View/Document/$File/Filename?OpenElement
I highly appreciate your help.