Crypto modules available for non admin users in Xanadu

pramodkumar
Tera Expert

‎01-20-2025 05:51 PM

Hi All,

 

After upgrading to Xanadu, Non admins are seeing the available crypto modules in update set picker. Can we hide this?

pramodkumar_0-1737424315739.png

 

 

Thanks!

0 Helpfuls
  • 588 Views
3 REPLIES 3

Ankur Bawiskar
Tera Patron
Tera Patron

‎01-20-2025 07:03 PM

@pramodkumar 

I have seen some other community member also posting something similar.

Did you check with multiple non-admins?

If the issue exists it means it's a platform bug

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

pramodkumar
Tera Expert
In response to Ankur Bawiskar

‎01-23-2025 05:01 PM

Hi @Ankur Bawiskar  what I got to know is, if user have access to multiple encryption contexts then they are seeing it. If they have only one encryption context, they will not see it.

0 Helpfuls

tinayang15
Tera Expert

‎03-24-2025 09:40 AM

If anyone is wondering what to do, I submitted a support case with the resolution below:

If you look at the crypto module, what are the roles listed? 

Mine was for EMR Help roles that were inherited/applied to snc_internal. You will want to see what is listed under the Crypto Module then do the below:

1. Make sure you have KMF Admin role if not, here is the documentation on how to add it to yourself: https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/administer/key-management-frame...

2. Deactivate the Module access policies (If yours is EMR help roles like mine - it's the below):

/sys_kmf_crypto_caller_policy.do?sys_id=ea0ca868dbb53110da72c04b139619c5&sysparm_record_target=sys_kmf_crypto_caller_policy&sysparm_record_row=1&sysparm_record_rows=2&sysparm_record_list=crypto_module.nameSTARTSWITHsn_ind_rmt%5Etarget_role%21%3DNULL

/sys_kmf_crypto_caller_policy.do?sys_id=2efc2863a3a002108449f2c6641e6181&sysparm_record_target=sys_kmf_crypto_caller_policy&sysparm_record_row=2&sysparm_record_rows=2&sysparm_record_list=crypto_module.nameSTARTSWITHsn_ind_rmt%5Etarget_role%21%3DNULL
 
3. Retest as the itil users and the crypto module should not be available for the users.

I did ask support if deactivating these will have any issues with EMR help users submitting incidents or fulfillers seeing the EMR request data. SN support says no impact. The only impact is that crypto module will no longer be available in the platform.

0 Helpfuls