- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-08-2014 02:25 PM
We are currently running Dublin and I've been asked by our security team to remove a password which was accidentally added as an additional comment to a requested item.
I tried viewing the history list on the ticket and selecting the entry with the password to delete it, but delete doesn't appear to be an option.
Ideally, I would like to just edit the entry to only remove the password and not delete the entire additional comment.
I've been searching the forums and the wiki to see the best way to edit a previously entered additional comment in a requested item, but have not found anything outlining the steps to take, short of the process provided by Mark (http://www.servicenowguru.com/system-definition/remove-activity-log-journal-entries/).
I have to follow the change management process in my company, which would take at least a week to have all of that approved for implementation.
Since it is only the one ticket to update and they want it done quickly, I would much prefer to edit the entry manually.
Does anyone have details on the steps required to do so?
Thanks in advance for any and all suggestions.
Cheers
Ron L.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-09-2014 09:29 PM
The text still shows in the activity history of the record because it is actually displaying history entries constructed from the sys_audit table. You need to remove the text from sys_journal_field first, where the current entry is actually kept. Then remove it from sys_audit, and finally remove the sys_history_set record. When the task record is displayed again, the history records will be rebuilt with the updated journal entries.
The procedure below will work. Practice on another instance before you do this in production, and exercise caution. You will need to use an admin account.
SEI is "sensitive electronic information," i.e. something you don't want exposed for everyone to see.
1 Obtain the sys_id of the record
- Open the record containing the insecure SEI.
- Right-click in the record header, and choose Copy sys_id.
2 Remove from sys_journal_field
- Use this URI to query the journal entries: https://your-instance.service-now.com/sys_journal_field_list.do?sysparm_query=element_id=sys_id
- Replace sys_id with the sys_id of the record.
- Replace your-instance with your instance name.
If there are a lot of records, you may want to refine the query, adding a "Value contains SEI" condition. Replace SEI with the text you seek.
- Edit the Value field of each record to remove the SEI.
3 Remove from sys_audit
- Use this URI to query the audit entries: https://your-instance.service-now.com/sys_audit_list.do?sysparm_query=documentkey=sys_id
- Replace sys_id with the sys_id of the record.
- Replace your-instance with your instance name.
It may be helpful to add conditions to the query for "Old value contains SEI" OR "New value contains SEI".
- Edit the text of the Old value and New value fields, removing the SEI.
4 Delete the sys_history_set record
- Query the sys_history_set table using this URI: https://your-instance.service-now.com/sys_history_set_list.do?sysparm_query=id=sys_id
- Replace sys_id with the sys_id of the record.
- Replace your-instance with your instance name.
- Delete the record that is returned.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-09-2014 09:29 PM
The text still shows in the activity history of the record because it is actually displaying history entries constructed from the sys_audit table. You need to remove the text from sys_journal_field first, where the current entry is actually kept. Then remove it from sys_audit, and finally remove the sys_history_set record. When the task record is displayed again, the history records will be rebuilt with the updated journal entries.
The procedure below will work. Practice on another instance before you do this in production, and exercise caution. You will need to use an admin account.
SEI is "sensitive electronic information," i.e. something you don't want exposed for everyone to see.
1 Obtain the sys_id of the record
- Open the record containing the insecure SEI.
- Right-click in the record header, and choose Copy sys_id.
2 Remove from sys_journal_field
- Use this URI to query the journal entries: https://your-instance.service-now.com/sys_journal_field_list.do?sysparm_query=element_id=sys_id
- Replace sys_id with the sys_id of the record.
- Replace your-instance with your instance name.
If there are a lot of records, you may want to refine the query, adding a "Value contains SEI" condition. Replace SEI with the text you seek.
- Edit the Value field of each record to remove the SEI.
3 Remove from sys_audit
- Use this URI to query the audit entries: https://your-instance.service-now.com/sys_audit_list.do?sysparm_query=documentkey=sys_id
- Replace sys_id with the sys_id of the record.
- Replace your-instance with your instance name.
It may be helpful to add conditions to the query for "Old value contains SEI" OR "New value contains SEI".
- Edit the text of the Old value and New value fields, removing the SEI.
4 Delete the sys_history_set record
- Query the sys_history_set table using this URI: https://your-instance.service-now.com/sys_history_set_list.do?sysparm_query=id=sys_id
- Replace sys_id with the sys_id of the record.
- Replace your-instance with your instance name.
- Delete the record that is returned.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-11-2014 08:10 AM
Hi Tony
Thanks very much for the excellent explanation and the detailed steps required.
Greatly appreciated.
Ron
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-15-2015 08:28 AM
Any impact of deleting the sys_history_set data?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-15-2015 10:57 AM
Prepared the below script following your post.
eraseSpecificPhreaseFromIncidentActivityLog('+dfdfMe(V8', '89311f494fe602000e34926ca31e445453335340c74f'); //phrase and incident sys id
function eraseSpecificPhreaseFromIncidentActivityLog(phrase, id) {
try {
var gr = new GlideRecord('sys_journal_field');
gr.addEncodedQuery('element_id=' + id + '^valueLIKE' + phrase);
gr.setLimit(1000);
gr.setWorkflow(false);
gr.autoSysFields(false);
gr.query();
while (gr.next()) {
gr.value = customReplace(gr.value.toString(), phrase);
gr.update();
}
gr = new GlideRecord('sys_audit');
gr.addEncodedQuery('documentkey=' + id + '^oldvalueLIKE' + phrase + '^ORnewvalueLIKE' + phrase);
gr.setLimit(100);
gr.setWorkflow(false);
gr.autoSysFields(false);
gr.query();
while (gr.next()) {
gr.oldvalue = customReplace(gr.oldvalue.toString(), phrase);
gr.newvalue = customReplace(gr.newvalue.toString(), phrase);
gr.update();
}
gr = new GlideRecord('sys_history_set');
gr.addEncodedQuery('id=' + id);
gr.setLimit(100);
gr.setWorkflow(false);
gr.autoSysFields(false);
gr.query();
while (gr.next()) {
gr.deleteRecord();
}
gr = new GlideRecord('incident');
gr.addEncodedQuery('sys_id=' + id);
gr.setLimit(1);
gr.setWorkflow(false);
gr.autoSysFields(false);
gr.query();
if (gr.next()) {
gr.description = customReplace(gr.description.toString(), phrase);
gr.update();
}
} catch (e) {
gs.print('error:' + e);
}
}
function customReplace(original, phrase) {
while (original.indexOf(phrase) != -1) {
original = original.replace(phrase, '')
}
return original;
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-15-2018 08:46 AM
Followed your instructions to a "T" and it worked great!
Only change I made was #4, sys_history_set.
Instead of that table, I simply went to sys_history_line, and deleted the offending line.
