Crypto modules available for non admin users in Xanadu
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-20-2025 05:51 PM
Hi All,
After upgrading to Xanadu, Non admins are seeing the available crypto modules in update set picker. Can we hide this?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-20-2025 07:03 PM
I have seen some other community member also posting something similar.
Did you check with multiple non-admins?
If the issue exists it means it's a platform bug
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2025 05:01 PM
Hi @Ankur Bawiskar what I got to know is, if user have access to multiple encryption contexts then they are seeing it. If they have only one encryption context, they will not see it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-24-2025 09:40 AM
If anyone is wondering what to do, I submitted a support case with the resolution below:
If you look at the crypto module, what are the roles listed?
Mine was for EMR Help roles that were inherited/applied to snc_internal. You will want to see what is listed under the Crypto Module then do the below:
1. Make sure you have KMF Admin role if not, here is the documentation on how to add it to yourself: https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/administer/key-management-frame...
2. Deactivate the Module access policies (If yours is EMR help roles like mine - it's the below):
/sys_kmf_crypto_caller_policy.do?sys_id=ea0ca868dbb53110da72c04b139619c5&sysparm_record_target=sys_kmf_crypto_caller_policy&sysparm_record_row=1&sysparm_record_rows=2&sysparm_record_list=crypto_module.nameSTARTSWITHsn_ind_rmt%5Etarget_role%21%3DNULL
/sys_kmf_crypto_caller_policy.do?sys_id=2efc2863a3a002108449f2c6641e6181&sysparm_record_target=sys_kmf_crypto_caller_policy&sysparm_record_row=2&sysparm_record_rows=2&sysparm_record_list=crypto_module.nameSTARTSWITHsn_ind_rmt%5Etarget_role%21%3DNULL
3. Retest as the itil users and the crypto module should not be available for the users.
I did ask support if deactivating these will have any issues with EMR help users submitting incidents or fulfillers seeing the EMR request data. SN support says no impact. The only impact is that crypto module will no longer be available in the platform.