Edit activity log additional comments

Go to solution
rlehmann
Kilo Sage

‎08-08-2014 02:25 PM

We are currently running Dublin and I've been asked by our security team to remove a password which was accidentally added as an additional comment to a requested item.

I tried viewing the history list on the ticket and selecting the entry with the password to delete it, but delete doesn't appear to be an option.

Ideally, I would like to just edit the entry to only remove the password and not delete the entire additional comment.

I've been searching the forums and the wiki to see the best way to edit a previously entered additional comment in a requested item, but have not found anything outlining the steps to take, short of the process provided by Mark (http://www.servicenowguru.com/system-definition/remove-activity-log-journal-entries/).

I have to follow the change management process in my company, which would take at least a week to have all of that approved for implementation.

Since it is only the one ticket to update and they want it done quickly, I would much prefer to edit the entry manually.

Does anyone have details on the steps required to do so?

Thanks in advance for any and all suggestions.

Cheers

Ron L.

  • 29,748 Views
1 ACCEPTED SOLUTION

Go to solution
tmanino
Tera Expert

‎08-09-2014 09:29 PM

The text still shows in the activity history of the record because it is actually displaying history entries constructed from the sys_audit table. You need to remove the text from sys_journal_field first, where the current entry is actually kept. Then remove it from sys_audit, and finally remove the sys_history_set record. When the task record is displayed again, the history records will be rebuilt with the updated journal entries.



The procedure below will work. Practice on another instance before you do this in production, and exercise caution. You will need to use an admin account.



SEI is "sensitive electronic information," i.e. something you don't want exposed for everyone to see.


1 Obtain the sys_id of the record

  1. Open the record containing the insecure SEI.
  2. Right-click in the record header, and choose Copy sys_id.

2 Remove from sys_journal_field

  1. Use this URI to query the journal entries: https://your-instance.service-now.com/sys_journal_field_list.do?sysparm_query=element_id=sys_id
    • Replace sys_id with the sys_id of the record.
    • Replace your-instance with your instance name.

If there are a lot of records, you may want to refine the query, adding a "Value contains SEI" condition. Replace SEI with the text you seek.


  1. Edit the Value field of each record to remove the SEI.

3 Remove from sys_audit

  1. Use this URI to query the audit entries: https://your-instance.service-now.com/sys_audit_list.do?sysparm_query=documentkey=sys_id
    • Replace sys_id with the sys_id of the record.
    • Replace your-instance with your instance name.

It may be helpful to add conditions to the query for "Old value contains SEI" OR "New value contains SEI".


  1. Edit the text of the Old value and New value fields, removing the SEI.

4 Delete the sys_history_set record

  1. Query the sys_history_set table using this URI: https://your-instance.service-now.com/sys_history_set_list.do?sysparm_query=id=sys_id
    • Replace sys_id with the sys_id of the record.
    • Replace your-instance with your instance name.
  2. Delete the record that is returned.

View solution in original post

18 REPLIES 18

Go to solution
williamsun
Mega Guru
In response to rlehmann

‎08-11-2014 11:00 AM

Is this a Service-Now user password?   if so, I have managed to make a UI Action that uses the same script as the "reset my password" process on the home screen that creates a random password, updates it, checks off the "reset pwd on next login" flag and sends the new pwd to the user's email.


Just in case, this is the the page where I posted this solution:


https://community.servicenow.com/thread/169062


0 Helpfuls

Go to solution
rlehmann
Kilo Sage
In response to williamsun

‎08-11-2014 11:34 AM

Hi William


Actually, these passwords were not for ServiceNow, as we leverage active directory integration for our logins.


I did check out your script and it does look very handy for those that can leverage the capability.


Thanks


Ron


0 Helpfuls

Go to solution
qster
Kilo Guru

‎09-21-2020 02:39 PM

Change the password!

0 Helpfuls

Go to solution
MohammedAsK
Tera Contributor

‎09-24-2024 06:34 AM

If anyone is unable to delete the record from sys_history (delete is greyed out) then may have to use the script (it worked for me)

First delete from sys_journal_field

Then delete from sys_audit_list

If you're able to, delete from sys_hystory_list
If the record is greyed for delete, then open the entry which contains the comment, Use the script to delete this record.

 

		var gr = new GlideRecord('sys_history_line');
		gr.addQuery('sys_id', 'SYS_ID_OF_RECORD');
		gr.query();
		
		while(gr.next()){
		        for(var key in gr){
		                gs.info("Key: " + key + " val: " + gr[key]);
		                
		        }
		        gs.info(gr.deleteRecord());
		}
		
		gs.info("END");

 



image.pngimage.png

0 Helpfuls