We would like to make it so files created at https://phabricator.wikimedia.org/file/upload/ can only be set to certain Can View values (or hide the Can View setting there entirely, but in that case we would need to make sure you could still create private files as part of our private tasks implementation).
I think we would exclude "All Users" (since it provides no security and goes against our normal policy of Public). I'm not sure which others we would exclude.
The general concept of the feature is the same as for Maniphest. We already hide Can View there (https://phabricator.wikimedia.org/maniphest/task/create/). I believe the security field there is custom to us.
See See https://phabricator.wikimedia.org/T1248