User getting "Invalid attempt. Encrypted data could not be saved" when entering data in an encrypted field

peterscaramuzzo · ‎12-23-2020

We have a portal form that has a special multi-line encrypted box to put information that my company requires to be encrypted. However non-itil users are getting "Invalid attempt. Encrypted data could not be saved". We are thinking maybe for these non-itil users we could grant them a role that allows them to write encrypted data while still not letting them read encrypted data. I was looking at doing this from a role perspective but it doesn't seem to have that level of detail. Is something like that possible? Or would there be a much better approach? I was looking at maybe granting this access for the specific form through the layout as this seemed to be suggested in some articles but couldn't seem to make any headway. I am sure this is a somewhat common problem so hoping someone can offer some advice and perspective.

Allen Andreas · ‎12-24-2020

Hi,

How do you have this setup today?

I know for direct writing to an encrypted field they'd need to have the role associated with that fields encrypted context (hence the error you're seeing), but if you are using perhaps a record producer and they are writing to a specific multi-line text field that you have mapped to the encrypted field, that may work and not need the context?

Back to what you were talking about though...to be able to write to a field, means they'd need to be able to read it. So you'd have to juggle people writing to a field, which then gets transferred to another field perhaps where they can't read it. I've done something similar for PII logging, where one field we allowed PII in it, but then an audit log was created which was also encrypted on the form outside their view for ease of use that captured who made the edit, when they made the edit, and what the edit was.

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

View solution in original post

peterscaramuzzo · ‎02-01-2021

Making the field a non-encrypted field and not mapped to the incident. Then in the record producer script transfer the information to the encrypted field and it worked.

Allen Andreas · ‎02-01-2021

Hi @peterscaramuzzo

I believe I recommended that above. Please review my post and see my suggestion.

If my reply above helped guide you correctly, please mark it as Helpful & Correct.

Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Vigneshwaran3 · ‎09-28-2021

Hi @peterscaramuzzo

I am stuck with the similar issue to pass the information from the record producer variable to the encrypted field. We are using Platform Encryption and the field is encrypted by specific role and non-itil users are getting this error.

I tried to move the mapping from the encrypted field to a non-encrypted field and then pass the information from non-encrypted field to encrypted field in the record producer script. But it did not work. Can you provide more information on how to achieve this requirement?

Allen Andreas · ‎09-28-2021

Hi,

As mentioned above, you can make the variable on the producer a non-encrypted field. Then also remove the "map to field" selection for that variable.

Then...in the record producer script, set the value for the current.field_name (so that's the new record and the field) to the value from the producer.field_name.

Please mark reply as Helpful, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Vigneshwaran3 · ‎09-28-2021

Hi @peterscaramuzzo

I have tried the same steps, but I am still facing the same error.

Record producer variable

Record producer script

We have provided platform encryption on the secured field using ITIL role. Whenever I submit the record producer as non-ITIL user, I am getting this error.

can you let me know if I am missing anything?