Encrypting attachment while inserting or updating a record

Community Alums
Not applicable

Hi All,

I have configured encryption context and running the script https://docs.servicenow.com/bundle/jakarta-servicenow-platform/page/script/server-scripting/concept/...

as per the doc. But this script works only when running from scripts background.

Not working in Scheduled Job (even i put as run as encryption context role) , Business rule, Script etc..

Could anyone help on this?

13 REPLIES 13

Karthik,


Were you able to get this working without having to give everyone a security context?


Thanks


Tom


Jeff316
Kilo Guru

I just installed the Encryption Support plugin.

Any user can add an attachment without having the security context. A business rule then encrypts the attachment. So after the attachment is submitter they can no longer see it because they don't have the security context but they can submit it.

Hi Jeff,

Are you able to share your business rule?

Thank you.

This was long ago but according to my notes this might help you:

We also need to install Easy Encryption v1.3 from SNOW SHARE
The Easy Encryption ServiceNow application enables automated encryption of an encrypted string field on the task table and any attachments to task records. Encryption will take place regardless of whether the logged in person has appropriate encryption contexts and will be effective for any method of record entry (direct entry, inbound email, web services, etc).

I found a business rule from that time period I created on the sys_attachment table, see if this helps (attached).

It all worked really well in 2018, spent a bit of time working on this. They wanted to have a table where they could have incidents that were encrypted and any attachments on those tables also encrypted.  All that work was wasted because they never used it then. It sits in production today never used.

 

Thanks Jeff, again really useful info.

Instead of sharing the xml would you mind just sharing the code sample here? I'm always wary of uploading xmls without first understanding the script.

My aim was to utilise the free 'Encryption Support' plugin rather than the subscription based Edge Encryption. I managed to do this and activate the "encrypt" checkbox for users with the encryption context added to role but it would be great if the checkbox was missed/forgotten that the attachment would just be encrypted automatically.