Need to mask data on the RITM entered on the form

RohanDS · ‎07-14-2023

Hello team,

I have a requirement where we need to capture banking details of employees as shown in the screenshot. These details are very sensitive and we don't want everyone to see them. Is there a way we could mask these details? We were thinking of the following:

1. Mask these details and make it available only to certain group of people.

2. These details should be available with a passcode. (Again we need to decide how to set the passcode or change it)

Does ServiceNow has a capability to hide data on RITM?

Samaksh Wani · ‎07-14-2023

Hello @RohanDS

Create a Read ACL on the table records, add your certain grp of users in one Assignment grp, ACL will allow only them to view the records, rest other will not be able to see.

if(gs.getUser.isMemberOf('sys_id_of_grp')){.      // grp which you are creating and adding your users in it.
answer=true;
} 
else{
answer=false;
}

Plz Mark my Solution as Accept and Give me thumbs up, if you find it Helpful.

Regards,

Samaksh

View solution in original post

Ravi Chandra_K · ‎07-14-2023

Hello @RohanDS

Greetings!

The best way would be using OOB masked variable. This can be used when collecting sensitive data from users. you have to encrypt, then decrypt so that it will be visible on RITM task (or you can catalog_view_masked role for this)

refer below docs for clear explanation about Masked variable.

Masked variable in this doc:

https://docs.servicenow.com/bundle/sandiego-servicenow-platform/page/product/service-catalog-managem...

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0726928

please mark the answer as correct and helpful based on Impact.

Kind Regards,

Ravi Chandra

View solution in original post

Bert_c1 · ‎07-14-2023

Hi RohanDS,

See info in UI Policies as a means to hide fields.

https://docs.servicenow.com/search?q=UI%20policies

There are other means to prevent access, such as ACLs depending on your specific use case.

Samaksh Wani · ‎07-14-2023

Hello @RohanDS

Create a Read ACL on the table records, add your certain grp of users in one Assignment grp, ACL will allow only them to view the records, rest other will not be able to see.

if(gs.getUser.isMemberOf('sys_id_of_grp')){.      // grp which you are creating and adding your users in it.
answer=true;
} 
else{
answer=false;
}

Plz Mark my Solution as Accept and Give me thumbs up, if you find it Helpful.

Regards,

Samaksh

Ravi Chandra_K · ‎07-14-2023

Hello @RohanDS

Greetings!

The best way would be using OOB masked variable. This can be used when collecting sensitive data from users. you have to encrypt, then decrypt so that it will be visible on RITM task (or you can catalog_view_masked role for this)

refer below docs for clear explanation about Masked variable.

Masked variable in this doc:

https://docs.servicenow.com/bundle/sandiego-servicenow-platform/page/product/service-catalog-managem...

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0726928

please mark the answer as correct and helpful based on Impact.

Kind Regards,

Ravi Chandra

John McKnight · ‎03-27-2024

Hello Ravi,
I noticed a couple of things using the OOB masking solution you describe. In case I'm asked I'd like to be able to answer.

1st - Are Catalog Requesters (Submitted By POCs) normally not allowed to see the field Unmasked in resulting tickets? I looked to see if a User without the Role can see the data they entered in the resulting RITM or SA_Tasks they created and they cannot. Is there an OOB setting/way to allow that if necessary?

2nd - I noticed that the specific Role Users who can Show/See the unmasked field values cannot see the values after ticket closure. Is this not allow OOB?
Thank you Ravi