On the attribute exclusions page (Admin > Groups > Attribute Exclusions) you are able to exclude access to certain assets based on the attribute values of that asset.
This is a useful way of hiding certain assets from groups of users, in addition to the general folder permissions structure. By default there are three attributes that relate to this functionality - "Active Status", "Activation Date", and "Expiration Date". The standard behaviour is that your public and logged in users cannot see assets where the Active Status is set to "Inactive" or "Expired". It is possible to change the Active Status from Inactive to Active, and Active to Expired, using the two aforementioned date attributes. This means you can both reveal and subsequently hide an asset when the specific dates are met.
Note: If a user is a member of another group for which the attribute exclusion settings allow the asset to be seen, then that takes priority and the user will be able to see the asset. This also applies to the *Logged In Users group - any attribute you want excluded from any other group must also be excluded from *Logged In Users.
Controlling asset privacy
Attribute Exclusions are a useful way of controlling the visibility of your assets on a case-by-case basis. The simple default is that if the 'Active Status' attribute is set to either 'Inactive' or 'Expired' then it will not be visible to your users. Coupling this feature with date attributes ('Activation Date' and 'Expiry Date') it is possible to control the lifecycle of an asset. For example, uploading a file as 'Inactive' which would then, on a specified date, change status to 'Active' - becoming visible to your users. A second expiration date could also be set, which would then update the status to 'Expired', causing the asset to be hidden from your users.