diff --git a/datamodels/2.x/itop-portal-base/portal/src/controllers/objectcontroller.class.inc.php b/datamodels/2.x/itop-portal-base/portal/src/controllers/objectcontroller.class.inc.php
index 5aa2a32713..9eab1dec3b 100644
--- a/datamodels/2.x/itop-portal-base/portal/src/controllers/objectcontroller.class.inc.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/controllers/objectcontroller.class.inc.php
@@ -1251,7 +1251,8 @@ class ObjectController extends AbstractController
         }
 
         // Checking security layers
-        if (!SecurityHelper::IsActionAllowed($oApp, UR_ACTION_READ, $sHostClass, $sHostId))
+	    // Note: Checking if host object already exists as we can try to download document from an object that is being created
+        if (($sHostId > 0) && !SecurityHelper::IsActionAllowed($oApp, UR_ACTION_READ, $sHostClass, $sHostId))
         {
             IssueLog::Warning(__METHOD__ . ' at line ' . __LINE__ . ' : User #' . UserRights::GetUserId() . ' not allowed to retrieve document from attribute ' . $sObjectField . ' as it not allowed to read ' . $sHostClass . '::' . $sHostId . ' object.');
             $oApp->abort(404, Dict::S('UI:ObjectDoesNotExist'));
diff --git a/sources/renderer/bootstrap/fieldrenderer/bsfileuploadfieldrenderer.class.inc.php b/sources/renderer/bootstrap/fieldrenderer/bsfileuploadfieldrenderer.class.inc.php
index de4e12782d..bd97a8109b 100644
--- a/sources/renderer/bootstrap/fieldrenderer/bsfileuploadfieldrenderer.class.inc.php
+++ b/sources/renderer/bootstrap/fieldrenderer/bsfileuploadfieldrenderer.class.inc.php
@@ -114,7 +114,7 @@ class BsFileUploadFieldRenderer extends FieldRenderer
 
 						$(this).closest('.fileupload_field_content').find('.attachments_container').append(
 							'<div class="attachment col-xs-6 col-sm-3 col-md-2" id="display_attachment_'+data.result.att_id+'">'+
-							'	<a data-preview="'+data.result.preview+'" href="'+sDownloadLink+'" title="'+data.result.msg+'">'+
+							'	<a data-preview="'+data.result.preview+'" href="'+sDownloadLink+'" target="_blank" title="'+data.result.msg+'">'+
 							'		<div class="attachment_icon"><img src="'+data.result.icon+'"></div>'+
 							'		<div class="attachment_name">'+data.result.msg+'</div>'+
 							'		<input id="attachment_'+data.result.att_id+'" type="hidden" name="attachments[]" value="'+data.result.att_id+'"/>'+
@@ -126,7 +126,7 @@ class BsFileUploadFieldRenderer extends FieldRenderer
 						if(data.result.preview){
 							$('#display_attachment_'+data.result.att_id).tooltip({
 								html: true,
-								title: function(){ return '<img src="'+sDownloadLink+'" style="max-width: 100%;" />'; }
+								title: function(){ return '<div style="width: 350px; height: 300px;"><img src="'+sDownloadLink+'" style="max-width: 100%; max-height: 100%;" /></div>'; }
 							});
 						}
 						// Showing remove button on hover
@@ -162,7 +162,7 @@ class BsFileUploadFieldRenderer extends FieldRenderer
 			$('.attachment [data-preview="true"]').each(function(iIndex, oElem){
 				$(oElem).parent().tooltip({
 					html: true,
-					title: function(){ return '<img src="'+$(oElem).attr('href')+'" style="max-width: 100%;" />'; }
+					title: function(){ return '<div style="width: 350px; height: 300px;"><img src="'+$(oElem).attr('href')+'" style="max-width: 100%; max-height: 100%;" /></div>'; }
 				});
 			});
 			// Remove button handler
@@ -232,6 +232,7 @@ EOF
      *
      * @param \Combodo\iTop\Renderer\RenderingOutput $oOutput
      *
+     * @throws \Exception
      * @throws \CoreException
      * @throws \OQLException
      */
@@ -264,7 +265,7 @@ EOF
 				$oOutput->Addhtml(
 <<<EOF
 				<div class="attachment col-xs-6 col-sm-3 col-md-2" id="display_attachment_{$iAttId}">
-					<a data-preview="{$sPreview}" href="{$sDownloadLink}" title="{$sFileName}">
+					<a data-preview="{$sPreview}" href="{$sDownloadLink}" target="_blank" title="{$sFileName}" >
 						<div class="attachment_icon"><img src="{$sIcon}"></div>
 						<div class="attachment_name">{$sFileName}</div>
 						<input id="attachment_{$iAttId}" type="hidden" name="attachments[]" value="{$iAttId}"/>