Edit activity log additional comments

Go to solution
rlehmann
Kilo Sage

‎08-08-2014 02:25 PM

We are currently running Dublin and I've been asked by our security team to remove a password which was accidentally added as an additional comment to a requested item.

I tried viewing the history list on the ticket and selecting the entry with the password to delete it, but delete doesn't appear to be an option.

Ideally, I would like to just edit the entry to only remove the password and not delete the entire additional comment.

I've been searching the forums and the wiki to see the best way to edit a previously entered additional comment in a requested item, but have not found anything outlining the steps to take, short of the process provided by Mark (http://www.servicenowguru.com/system-definition/remove-activity-log-journal-entries/).

I have to follow the change management process in my company, which would take at least a week to have all of that approved for implementation.

Since it is only the one ticket to update and they want it done quickly, I would much prefer to edit the entry manually.

Does anyone have details on the steps required to do so?

Thanks in advance for any and all suggestions.

Cheers

Ron L.

  • 29,746 Views
1 ACCEPTED SOLUTION

Go to solution
tmanino
Tera Expert

‎08-09-2014 09:29 PM

The text still shows in the activity history of the record because it is actually displaying history entries constructed from the sys_audit table. You need to remove the text from sys_journal_field first, where the current entry is actually kept. Then remove it from sys_audit, and finally remove the sys_history_set record. When the task record is displayed again, the history records will be rebuilt with the updated journal entries.



The procedure below will work. Practice on another instance before you do this in production, and exercise caution. You will need to use an admin account.



SEI is "sensitive electronic information," i.e. something you don't want exposed for everyone to see.


1 Obtain the sys_id of the record

  1. Open the record containing the insecure SEI.
  2. Right-click in the record header, and choose Copy sys_id.

2 Remove from sys_journal_field

  1. Use this URI to query the journal entries: https://your-instance.service-now.com/sys_journal_field_list.do?sysparm_query=element_id=sys_id
    • Replace sys_id with the sys_id of the record.
    • Replace your-instance with your instance name.

If there are a lot of records, you may want to refine the query, adding a "Value contains SEI" condition. Replace SEI with the text you seek.


  1. Edit the Value field of each record to remove the SEI.

3 Remove from sys_audit

  1. Use this URI to query the audit entries: https://your-instance.service-now.com/sys_audit_list.do?sysparm_query=documentkey=sys_id
    • Replace sys_id with the sys_id of the record.
    • Replace your-instance with your instance name.

It may be helpful to add conditions to the query for "Old value contains SEI" OR "New value contains SEI".


  1. Edit the text of the Old value and New value fields, removing the SEI.

4 Delete the sys_history_set record

  1. Query the sys_history_set table using this URI: https://your-instance.service-now.com/sys_history_set_list.do?sysparm_query=id=sys_id
    • Replace sys_id with the sys_id of the record.
    • Replace your-instance with your instance name.
  2. Delete the record that is returned.

View solution in original post

18 REPLIES 18

Go to solution
Teresa10
Tera Contributor
In response to tmanino

‎04-20-2023 10:06 AM

Thank you for these instructions!  I got to step 4, however I do not have the ability to delete the additional comment, the delete option is greyed out.  I tried to elevate my privs to see if that worked, but no luck.  Any suggestions?

0 Helpfuls

Go to solution
Chimenem
Tera Expert
In response to tmanino

‎05-10-2023 05:45 PM

Thank you tmanino very much for the detailed explanation and steps required to achieve the task.

0 Helpfuls

Go to solution
williamsun
Mega Guru

‎08-11-2014 05:37 AM

Now just to chime in here about process.


This is so freaking tough because it is audit.   It's supposed to be like this.


If a mistake was made, it needs to be logged and tracked, and the solution needs to be shown in the log as well.


What I would suggest, in this particular case, is to send a new password and log another comment stating "a new password has been given, the analyst included the password in the previous comments as a mistake"


Go to solution
tmanino
Tera Expert
In response to williamsun

‎08-11-2014 07:25 AM

Yes, I totally agree. Our situation is a bit different -- we need the ability to redact confidential information in case it is included in an inappropriate field. By process, it should not be, but we have to cover the situation where it may happen.


0 Helpfuls

Go to solution
rlehmann
Kilo Sage
In response to williamsun

‎08-11-2014 08:17 AM

Hi William


While I totally agree with your statement regarding process, I do also agree with Tony that sometimes you just need to edit the entry. In my case, I had the Director of my department specifically ask to have the entry removed, because the passwords provided are defaults and the comment specifically stated this. Definitely another process we have to review is giving a default password to each new hire, instead of generating a unique password each time.


Appreciate the suggestion though.


Thanks


Ron


0 Helpfuls