Module Access Policies / unable to view attachments

pardhiv
Tera Contributor

‎05-07-2022 12:51 PM

We have encrypted attachments that are visible to few users.

I came to realize that module access policies are used for this. How are this tied to a particular table.

I see Target roles listed on Module access policies. Also , I see multiple Policies listed based on the name. How do they work ?

0 Helpfuls
  • 997 Views
1 REPLY 1

Community Alums
Not applicable

‎05-08-2022 06:43 AM

Hi @pardhiv ,

Module access policies are the access control mechanisms that can be applied to cryptographic modules to define instance-level controls.

Module access policies are introduced with the Key Management Framework (KMF) in the base system and  expands on role-based designation that was provided with encryption modules. Module access policies can be based on the following:
  • Basic (scope)
  • Role
  • System user
  • Script
  • Resource Exchange
    Note: See KMF Resource Exchange for details.

In a cryptographic module, you must configure correct module access policies to allocate access to encrypted data. Without a module access policy associated to a cryptographic module, encrypted data is not visible to users and associated fields and columns in lists display empty.

In this image, the absence of a module access policy on the encrypted Short Description field hides the content from all users accessing the Incident table. With a module access policy in place, users with the allowed role are able to see the encrypted data.

Encrypted short descriptions with and without module access policies
Data with and without module access policies.

 

How it's created ?

Refer to this link :https://docs.servicenow.com/en-US/bundle/sandiego-platform-administration/page/administer/key-manage...

Mark my answer correct & Helpful, if Applicable.

Thanks,

Sandeep

0 Helpfuls