gr.<element>.getDecryptedValue() not working when impersonating user with ITIL role

matthallbomgar · ‎06-05-2015

I've got a Script Include with a function, we'll call it doSomething(). Within the doSomething() function, I've got a line where I'm getting the decrypted value of a Password2 field with gr.<element>.getDecryptedValue().

When calling the doSomething() function from a UI Action as a user with Admin role, gr.<element>.getDecryptedValue() successfully decrypts the Password2 field.

However, When calling the same doSomething() function from a UI Action when impersonating a user with ITIL role, gr.<element>.getDecryptedValue() does not decrypt the Password2 field and returns the encrypted value.

Is this a bug?

Please advise.

Thanks!

tony_barratt · ‎06-05-2015

Hi Matt,

There is an explanation below concerning encryption and impersonating.

I am thinking, after reading your question and the explanation below, that the behavior you are seeing is the expected behavior.

Best Regards

Tony

Encryption Support - ServiceNow Wiki

1 Overview

Encryption is a process that scrambles information into a format that unauthorized parties cannot decode or use.

Only users with the admin role can activate and set up encryption support. Users can only encrypt new text fields. ServiceNow does not support encryption of any existing text field. The encryption process requires an administrator to grant an encryption context to users by granting the user an associated role. Only users who have access to the encryption context can see data encrypted with that particular encryption context.

Note: Impersonation does not change the encryption contexts available to a user. Even while impersonating, you have only the encryption contexts available to you originally.

amarhelloween · ‎10-15-2015

Hi Matt,

I am trying to decrypt the password with gr.<element>.getDecryptedValue() but not able to. Can you please share your script include and client script here.