You could create an in-transaction data directive BPM on ice.xfileref where you log the user id of the user that uploaded the file. We don’t have any unused columns on this table, so you might want to extend this table using extended ud table maintenance first so you have a field to write that user name to. This record includes the file name (basefilename) and full path (xfilename) of the attachment that was uploaded so it would be straightforward to figure out who did what when at that point by searching this table (select * from xfileref where basefilename='crazy_large_file_muhahahaha.png' ) - even if you can’t stop a user from uploading it.
Regarding disk quotas: be aware that per user quotas won’t really work well with the default file transfer method that we use unless you really only care about the total size of all attachments not exceeding some size on a shared volume.
There are two ways in which file attachments can be copied to the file server from the Epicor client: through our business object (default - only the application pool identity user needs read/write to the file store location) or what we call “direct” which is the same as if the user opened Windows Explorer and pasted the file in the location (each user that adds/accesses attachments needs read/write to the share location where the attachments are located). If you use the business object approach (and all E10 customers do; and we removed the tag in the client .sysconfig files so it isn’t easy to change from the default) all files are created with the user identity on the application pool. Just an FYI.