Crypto modules available for non admin users in Xanadu

pramodkumar
Tera Expert

Hi All,

After upgrading to Xanadu, non-admins are seeing the available crypto modules in the update set picker. Can we hide this?

Thanks!

Ankur Bawiskar
Tera Patron

@pramodkumar 

I have seen another community member also posting something similar.

Did you check with multiple non-admins?

If the issue exists, it means it's a platform bug.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Hi @Ankur Bawiskar, what I got to know is that if users have access to multiple encryption contexts, then they see it. If they have only one encryption context, they will not see it.

tinayang15
Tera Expert

If anyone is wondering what to do, I submitted a support case with the resolution below:

If you look at the crypto module, what are the roles listed? 

Mine was for EMR Help roles that were inherited/applied to snc_internal. You will want to see what is listed under the Crypto Module then do the below:

1. Make sure you have the KMF Admin role. If not, here is the documentation on how to add it to yourself: https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/administer/key-management-frame...

2. Deactivate the Module access policies (If yours is EMR help roles like mine - it's the below):

/sys_kmf_crypto_caller_policy.do?sys_id=ea0ca868dbb53110da72c04b139619c5&sysparm_record_target=sys_kmf_crypto_caller_policy&sysparm_record_row=1&sysparm_record_rows=2&sysparm_record_list=crypto_module.nameSTARTSWITHsn_ind_rmt%5Etarget_role%21%3DNULL

/sys_kmf_crypto_caller_policy.do?sys_id=2efc2863a3a002108449f2c6641e6181&sysparm_record_target=sys_kmf_crypto_caller_policy&sysparm_record_row=2&sysparm_record_rows=2&sysparm_record_list=crypto_module.nameSTARTSWITHsn_ind_rmt%5Etarget_role%21%3DNULL
 
3. Retest as the itil users and the crypto module should not be available for the users.

I did ask support if deactivating these will have any issues with EMR help users submitting incidents or fulfillers seeing the EMR request data. SN support says no impact. The only impact is that crypto module will no longer be available in the platform.
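
The two links in step 2 carry the list filter they were opened from. The following is an added example, not part of the original post or ServiceNow's code, that decodes it so an admin can see which module access policies were selected. The function names are hypothetical, and only the operators that occur in these links are handled.

```python
from urllib.parse import urlsplit, parse_qs

# The two record links from step 2 of the post, copied verbatim.
POLICY_LINKS = [
    "/sys_kmf_crypto_caller_policy.do?sys_id=ea0ca868dbb53110da72c04b139619c5&sysparm_record_target=sys_kmf_crypto_caller_policy&sysparm_record_row=1&sysparm_record_rows=2&sysparm_record_list=crypto_module.nameSTARTSWITHsn_ind_rmt%5Etarget_role%21%3DNULL",
    "/sys_kmf_crypto_caller_policy.do?sys_id=2efc2863a3a002108449f2c6641e6181&sysparm_record_target=sys_kmf_crypto_caller_policy&sysparm_record_row=2&sysparm_record_rows=2&sysparm_record_list=crypto_module.nameSTARTSWITHsn_ind_rmt%5Etarget_role%21%3DNULL",
]

# Only the operators that occur in these links; the word operator is tried first.
OPERATORS = ("STARTSWITH", "!=", "=")


def parse_condition(term):
    """Split one encoded-query term into (field, operator, value)."""
    for op in OPERATORS:
        field, found, value = term.partition(op)
        if found and field:
            return field, op, value
    raise ValueError(f"unsupported condition: {term!r}")


def describe_link(link):
    """Return the table, record sys_id and list filter encoded in a record link."""
    parts = urlsplit(link)
    params = parse_qs(parts.query)  # also percent-decodes %5E -> ^ and %21%3D -> !=
    page = parts.path.rsplit("/", 1)[-1]
    table = page[:-3] if page.endswith(".do") else page
    # "^" joins conditions with AND in an encoded query.
    terms = params.get("sysparm_record_list", [""])[0].split("^")
    return {
        "table": table,
        "sys_id": params["sys_id"][0],
        "filter": [parse_condition(t) for t in terms if t],
    }


def shared_filter(links):
    """Return the list filter common to all links, or raise if they differ."""
    filters = [describe_link(link)["filter"] for link in links]
    if any(f != filters[0] for f in filters):
        raise ValueError("links were opened from different list filters")
    return filters[0]


if __name__ == "__main__":
    for link in POLICY_LINKS:
        info = describe_link(link)
        print(info["table"], info["sys_id"])
    for field, op, value in shared_filter(POLICY_LINKS):
        print(f"  {field} {op} {value}")
```

Both links decode to the same filter on `sys_kmf_crypto_caller_policy`: crypto module name starts with `sn_ind_rmt`, and target role is not empty.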