User getting "Invalid attempt. Encrypted data could not be saved" when entering data in an encrypted field

peterscaramuzzo · ‎12-23-2020

We have a portal form that has a special multi-line encrypted box to put information that my company requires to be encrypted. However non-itil users are getting "Invalid attempt. Encrypted data could not be saved". We are thinking maybe for these non-itil users we could grant them a role that allows them to write encrypted data while still not letting them read encrypted data. I was looking at doing this from a role perspective but it doesn't seem to have that level of detail. Is something like that possible? Or would there be a much better approach? I was looking at maybe granting this access for the specific form through the layout as this seemed to be suggested in some articles but couldn't seem to make any headway. I am sure this is a somewhat common problem so hoping someone can offer some advice and perspective.

Allen Andreas · ‎12-24-2020

Hi,

How do you have this setup today?

I know for direct writing to an encrypted field they'd need to have the role associated with that fields encrypted context (hence the error you're seeing), but if you are using perhaps a record producer and they are writing to a specific multi-line text field that you have mapped to the encrypted field, that may work and not need the context?

Back to what you were talking about though...to be able to write to a field, means they'd need to be able to read it. So you'd have to juggle people writing to a field, which then gets transferred to another field perhaps where they can't read it. I've done something similar for PII logging, where one field we allowed PII in it, but then an audit log was created which was also encrypted on the form outside their view for ease of use that captured who made the edit, when they made the edit, and what the edit was.

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

View solution in original post

peterscaramuzzo · ‎09-29-2021

Should work as long as the field you are copying from is non encrypted and a variable just on that form. Make sure it is not mapped to (in our case) the incident.

From that field the data is placed into the real encrypted field that is associated with the incident.

current.u_encrypted_info_incident = producer.field_info;

In our testing that worked even if the user was a non-itil user.

Allen Andreas · ‎09-29-2021

Hi,

If the above is not working...can you try setting it's display value instead? Such as:

current.setDisplayValue('field_name', producer.field_name);

Please mark reply as Helpful, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Vigneshwaran3 · ‎10-01-2021

Hi Allen and peterscaramuzzo

i tried both the options on the record producer. But non-itil users are not able to create an incident record.

Option 1 - current.description = producer.producer_description;
Option 2 - current.setDisplayValue('short_description', producer.producer_description);

we are getting the below error

The record producer variable is not mapped to the encrypted field directly. I am setting the value on the record producer script. But still facing this error.

I even tried on a fresh lab instance on Quebec instance. Am i missing anything on the configuration part.

peterscaramuzzo · ‎10-01-2021

Hmmm, not sure. Make sure there are no variables on your record producer that are attached to encrypted incident variables where you are placing text. Maybe it's another record producer variable that is tripping you up?