Allowing End User to enter data into an Encrypted Field

ron_tavares
ServiceNow Employee
ServiceNow Employee

‎02-10-2017 05:49 AM

I have an encrypted text field on the Incident form that captures sensitive information about the user. The Encryption Context has been applied to the itil role, so all ITIL users have access to the field and data. That part works fine. But the customer wants to expose this field on the portal, to allow an end user the ability to enter the sensitive information for their own incident. I don't believe this is possible, (at least not directly to that field). I did try creating a separate text field, put that on the portal view, then created a BR that pushes the value from the text field to the encrypted field. But this doesn't appear to digest well. Has anyone ran across this before and do you have a solution?

  • 2,939 Views
7 REPLIES 7

adiddigi
Tera Guru

‎02-10-2017 06:33 AM

The business rule will not be able to set the encrypted text field, because the business rule still runs in the context of a user who doesn't have an encryption context.



Now, this is definitely possible, and we did this for a (very) large system because we _had_ to. I'll talk about this complex solution below, and if you think if want to go that route, give you the code.



1. Create a separate text field ( which is already done) on the table( let's assume the table to be incident)


2. Create an admin user, and give him that encryption context


3. In the business rule, instead of setting the field directly like you are doing now, you must:


        3.1. Call the update function on Incident using the REST/SOAP API of the Incident table.


        3.2 Authenticate using the new user you just created in step 2


        3.3 Set the encrypted field.




This works because, when you authenticate using the admin user who has encryption context, the system will update the record. I actually built an entire fullblown framework over this idea as we had the need to work with sensitive data ( SSNs ) etc...


khadim
Kilo Explorer
In response to adiddigi

‎06-12-2017 10:06 AM

Hi Abhiram,



I have same requirement in my project. Can you please share the code you used.



Thanks


Sadaf


0 Helpfuls

jeffp
Giga Contributor
In response to adiddigi

‎10-10-2017 08:36 PM

Hello Abhiram , any chance you would be willing to share your code for this?   I'm currently working my way through the same problem


0 Helpfuls

robert_merriman
Mega Contributor

‎10-23-2017 09:23 AM

Hi Abhiram,



I am looking to get pii (DOB & SSN) from end users and then update their related sys_user record all while encrypting it with a context the end user does not have.


It reads like you are using a rest call to update the record, however I am having issues.   It looks like when I do a rest update I don't get any associated encryption context on the field.   The user making the call had the context and is able to update the record from the UI with encryption.  



If you could provide your code, I believe it would help me better understand how you solutioned this issue.



Regards,


Robb


0 Helpfuls