Attachment Encryption: File attached using saveResponseBodyAsAttachment

Arjun Thakur · ‎12-01-2023

Hello community@snc,

See the code snippet pasted below.

If I omit the context_sys_id, the saveResponseBodyAsAttachment uses some random encryption context.

Now I am forcing General Encryption context, but many users cannot see attachment.

1. Is there way to force 'NONE' encryption?

2. why would user not see files with 'General Encryption'.

Thanks.

var context_sys_id = "sys_id_of_General_Encryption";

var sm = new sn_ws.RESTMessageV2('ReportArtificats', 'getReportFIle');

sm.setEndpoint(report_pointer + '&OnlyPDF=Yes');

sm.setHttpTimeout(60000);

sm.saveResponseBodyAsAttachment('change_request', change_sys_id, 'my_report.pdf', context_sys_id);

var response = sm.execute();

status = !JSUtil.nil(response.getResponseAttachmentSysid());

Marcus Walbridg · ‎12-01-2023

ServiceNow uses encryption contexts to secure attachments, and by default, it uses the context associated with the table or the one set in the 'context_sys_id' parameter. To address your questions:

Forcing 'NONE' encryption: Unfortunately, there isn't a direct way to force 'NONE' encryption when saving the response body as an attachment. The encryption context is crucial for securing sensitive data. If the default context or the 'General Encryption' context is applied, it's due to security measures.
Visibility issues with 'General Encryption': Users might not see files encrypted with the 'General Encryption' context due to lacking proper decryption rights. In ServiceNow, encryption contexts are tied to ACLs (Access Control Lists), and users need the necessary privileges to decrypt and view the attachment.