- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2025 11:12 AM
Does anyone know how to fix the issue where enabling Column Level Encryption on a field removes the default query operators in the condition builder?
For example before adding a Encrypted Field Configuration
After Adding Encrypted Field Configuration
Is there a way to configure this to where the preexisting query options are available?
Adding the encrypted field configuration ends up preventing autocomplete to be able to work, which affects Service Catalog dropdowns and Native UI dropdowns from loading.
Replication Steps:
- PDI Instance: Xanadu Patch 4.
- Required Modules: Ensure the CLEE Enterprise module is installed and active.
- Create a ServiceNow Generated Key:
- Add Encrypted Field Configuration (Note: requires security_admin elevation)
- Schedule Mass Encryption job.
- Query Operators will no longer be present.
I hope this is the right forum; this is my first post. Thank you!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2025 12:23 PM
This is by design. The ciphertext (encrypted data stored in the database) shouldn't give any hints about what it contains, and therefore "starts with" and "contains" (and similar) won't work.
When setting up the encryption key (cryptographic module) in the instance, there is an option to use "equality preserving" (ie. no "salt" or crypto initialization vector), which will allow you to enable the "is same" and "is different" operators.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2025 12:23 PM
This is by design. The ciphertext (encrypted data stored in the database) shouldn't give any hints about what it contains, and therefore "starts with" and "contains" (and similar) won't work.
When setting up the encryption key (cryptographic module) in the instance, there is an option to use "equality preserving" (ie. no "salt" or crypto initialization vector), which will allow you to enable the "is same" and "is different" operators.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-20-2025 05:11 AM
Hello Jarod,
Thank you for the information! I was able to find the equality preserving field you described. When configuring the Crypto Specification, the choice of algorithm directly affects whether equality-preserving encryption is supported.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-20-2025 05:15 AM
I am surprised it is configured this way. I thought it was something the module access policy would determine. Pairing this with some solid ACL would probably work wonders. I'll try to find an alternative.
Thanks for your help!