Need to mask/encrypt the field values for some user roles

neerajgole
Tera Contributor
Hi Team,
 
I am looking to implement a solution to secure specific string and date fields based on user roles.
 
The goal is to ensure that while end users see only masked or encrypted values in the interface, the original data remains intact in the database for our verification team. This will allow authorized reviewers to access the actual values while maintaining strict data privacy for other roles. 
 
Could you please suggest the best approach to achieve the above use case?

Simon Christens
Mega Sage

Can't you lock down the fields with read ACLs on the specific fields?

If you set up those with a "required" role, then only users with the given role are able to read the data in the fields, while the fields are not available for users without the given role.

Ankur Bawiskar
Tera Patron

@neerajgole 

You can use a field-level READ ACL to restrict the data.

Another, better option is to use column-level encryption, which is free.

Encrypting attachments using "Column Level Encryption" 

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Tanushree Maiti
Mega Sage

Here, standard security methods like Read ACLs typically hide the entire field or its value; they do not replace it with asterisks based on user roles.

To show end users (based on user role) only masked values/asterisks in specific String and Date fields:

- Create a Display Business Rule: The Business Rule runs on the server before the form is displayed, storing the original date/string value in a scratchpad variable for later use by the Client Script if the user has the appropriate role.

- Create an onLoad Client Script: The Client Script runs on the client (browser) after the form loads, checking the user's role and the scratchpad value to determine whether to display asterisks or the real date/string.

 

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:
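
The Display Business Rule and onLoad Client Script split described in the reply above, as an added example that is not code from the thread or from ServiceNow. It stubs `gs`, `g_scratchpad` and `g_form` as plain objects so it runs in Node; the role `verification_reviewer`, the fields `u_tax_id` and `u_birth_date`, and the helper names are assumptions.

```javascript
// Added example: models the display Business Rule + onLoad Client Script split.
// Role name, field names and helper names are assumptions, not from the thread.
const REVIEWER_ROLE = 'verification_reviewer';      // hypothetical role
const MASKED_FIELDS = ['u_tax_id', 'u_birth_date']; // hypothetical String and Date fields

// Server side (display Business Rule body): runs before the form is sent.
// Real values go into the scratchpad only when the user holds the reviewer role.
// `current` is a plain object here; on an instance it would be a GlideRecord.
function displayBusinessRule(current, gs, g_scratchpad) {
  g_scratchpad.canSeeRaw = gs.hasRole(REVIEWER_ROLE);
  g_scratchpad.raw = {};
  if (g_scratchpad.canSeeRaw) {
    MASKED_FIELDS.forEach(function (f) { g_scratchpad.raw[f] = current[f]; });
  }
}

// Client side (onLoad Client Script body): shows the real value or asterisks.
function onLoad(g_form, g_scratchpad) {
  MASKED_FIELDS.forEach(function (f) {
    const value = g_scratchpad.canSeeRaw ? g_scratchpad.raw[f] : '********';
    g_form.setValue(f, value);
    if (!g_scratchpad.canSeeRaw) g_form.setReadOnly(f, true); // placeholder is not editable
  });
}

// Constructed harness: stubs for gs and g_form so the flow runs outside an instance.
function renderFor(roles, record) {
  const gs = { hasRole: function (r) { return roles.includes(r); } };
  const shown = {}, readOnly = {};
  const g_form = {
    setValue: function (f, v) { shown[f] = v; },
    setReadOnly: function (f, ro) { readOnly[f] = ro; }
  };
  const g_scratchpad = {};
  displayBusinessRule(record, gs, g_scratchpad);
  const payload = JSON.stringify(g_scratchpad); // what the scratchpad carries to the browser
  onLoad(g_form, g_scratchpad);
  return { shown: shown, readOnly: readOnly, payload: payload };
}

const record = { u_tax_id: 'TX-0000-SAMPLE', u_birth_date: '1990-01-01' }; // constructed
console.log(renderFor(['itil'], record).shown);
console.log(renderFor([REVIEWER_ROLE], record).shown);
```

The client script only changes what the form displays, so the scratchpad is filled on the server and stays empty for other roles. Pairing this with the field-level read ACL suggested earlier in the thread keeps the stored value out of the form data those roles receive.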