Fill an encrypted text field from a record producer for user without any role

Patrick Boutet
Mega Expert

Hi

We have a record producer to create data in a specific table (say u_test).
This table contains an encrypted text field (say u_secret).
The itil role is associated with a specified encryption context.

When an itil user creates a record in this table using our record producer, everything is fine.
Field u_secret is encrypted using our encryption context

But when end users (without any role) do the same thing, field u_secret is empty.

We tried

1. Direct mapping to field from record producer
2. Script in RP with 
current.u_secret.setContextID(ourEncryptionContextId);
current.u_secret.setDisplayValue(producer.u_secret);

3. Business Rule to encrypt field u_secret when inserting data in table u_test

None of these work!

I think that the issue could be related to the fact that users without any role could not be associated to our Encryption Context.

Do you have any idea?

Regards

1 ACCEPTED SOLUTION

Ian Mildon
Tera Guru

I have previously used Easy Encryption from the Share site to handle this issue. By use of the "to_be_encrypted" field you can have a public facing text field that anyone can enter data in plain text, and on the "back end" the data is encrypted to the encryption context selected.

On my Record Producer I had the following in the Script section to handle the text and formatting:

current.to_be_encrypted = 'NPI Number: ' + producer.npi_num + '\n' + 'Care Team: ' + producer.care_team; //pass data for encryption

 

But there is one thing you will need to consider when using encryption off of a Record Producer: all variables are stored in plain text. You will need to do some follow-up scripting to remove the entries on the question_answer table.

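The follow-up cleanup mentioned in the accepted solution could look like the sketch below. It is an added example, not code from the thread or from Easy Encryption: `scrubProducerAnswers`, `fakeGlideRecord` and the sample rows are hypothetical, and the `question_answer` columns it filters on (`table_name`, `table_sys_id`, `question.name`), as well as the point at which you call it after the record producer has finished, are assumptions to confirm on your instance.

```javascript
// Added example, not from the thread: server-side ServiceNow JavaScript. Deletes the
// plain-text question_answer rows left for the named variables of one generated record.
function scrubProducerAnswers(tableName, recordSysId, variableNames, GR) {
  if (!recordSysId || !variableNames.length) return 0; // never delete unscoped
  GR = GR || GlideRecord; // on an instance the platform GlideRecord is used
  var qa = new GR('question_answer');
  qa.addQuery('table_name', tableName);
  qa.addQuery('table_sys_id', recordSysId);
  qa.addQuery('question.name', 'IN', variableNames.join(','));
  qa.query();
  var removed = 0;
  while (qa.next()) {
    if (qa.deleteRecord()) removed++;
  }
  return removed;
}

// Constructed in-memory stand-in for GlideRecord (only the calls used above), for off-instance checks.
function fakeGlideRecord(rows) {
  return function (table) {
    var conds = [], hits = [], pos = -1;
    this.addQuery = function (field, op, value) {
      conds.push(value === undefined ? [field, '=', op] : [field, op, value]);
    };
    this.query = function () {
      hits = rows.filter(function (r) {
        return r.table === table && conds.every(function (c) {
          return c[1] === 'IN' ? c[2].split(',').indexOf(r[c[0]]) !== -1
                               : r[c[0]] === c[2];
        });
      });
    };
    this.next = function () { return ++pos < hits.length; };
    this.deleteRecord = function () {
      rows.splice(rows.indexOf(hits[pos]), 1);
      return true;
    };
  };
}

// Constructed sample rows (values are made up): variables of two records.
function sampleRows() {
  var row = function (id, name, value) {
    return { table: 'question_answer', table_name: 'u_test',
             table_sys_id: id, 'question.name': name, value: value };
  };
  return [row('rec1', 'npi_num', '0000000000'), row('rec1', 'care_team', 'A'),
          row('rec1', 'comments', 'hello'), row('rec2', 'npi_num', '1111111111')];
}
```

Deleting these rows also removes the values from any variable display on the generated record, so limit `variableNames` to the fields that were copied into the encrypted column.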

8 REPLIES

ARG645
Tera Guru

Patrick, 

If the end user doesn't have the role associated with the encryption context, then the end user cannot read/write to the encrypted field. Assign the role to the end user and try reproducing the problem.

Thank you,

Aman Gurram

Hi,

If I give a role to all end users, will we have to pay licence fees?

 

Licensing changes now and then, with the result that not all customers have the same license type, depending on when it was bought. I would recommend talking with the ServiceNow representative.

If you are not charged for the custom role, then a nice approach to tackle this would be to create a role, say "encryption_field_access", and assign this role to end users. Also, open the ITIL role, click Edit on the "Role Contains" section and add the "encryption_field_access" role to the ITIL role. This way all the ITIL users will have access to the encrypted fields and end users will have access to the encrypted fields.

 

Hi

I will ask the SNOW rep regarding the commercial issue.

I tried what you proposed, but this doesn't work as expected.

An end user may create a new record, encrypt this field (Exposé des faits) and see it.


But other users (including itil users) are not allowed to see this field (they can open the record, but the field Exposé des faits is not displayed).

It seems that you may only see fields that you encrypt yourself.

 

Regards