Hi Shruti
Sorry for the late reply, is your query resolved ? We just tied authority checks within BADI GOS_SRV_REQUEST to allow for authorization check on who can display/upload/download documents for object LFA1 .. at the same time auth object S_GOS_ATT was changed to include activity 03 for display (i.e Vendor t-codes XK02/03). You should be able to get it implemented with help from an ABAP Consultant. Something on similar lines is available in the following thread:GOS Authorization
Hope this helps.
Thanks
Prashant