Column Level Encryption Enterprise walkthrough

  • Release version: Australia
  • Updated: March 12, 2026
  • Time to read: 7 minutes

    This walkthrough shows you how to encrypt a field in your instance using Field Encryption Enterprise with the Key Management Framework (KMF). It also shows you how to use your own key.

    Before you begin

    Note:
    This procedure only applies to Column Level Encryption Enterprise functionality. See Activate Column Level Encryption Enterprise for more information on obtaining Column Level Encryption Enterprise.

    Role required: admin or security_admin

    Note:
    security_admin is a privileged role. For details on using privileged roles, see Elevate to a privileged role.

    About this task

    This walkthrough starts with an instance where you have already created and uploaded your personal cryptographic key. You could use the ServiceNow key, but this example uses a customer-supplied key.

    After the key has been stored in a cryptographic module, you can start configuring fields in your instance, such as salary or social security numbers, so that only certain users can access them. In the Encrypted Field Configuration, specify which authorized personnel can access the sensitive data.

    This task demonstrates two scenarios. One example encrypts the Short Description field in an Incident for users who are not authorized to view the sensitive data.

    Attachments can also be encrypted so that they are visible only to users who are granted access, or visible to all users who are not restricted from viewing the data. See Attachment encryption walkthrough to encrypt an attachment.

    Procedure

    1. Make sure that Column Level Encryption Enterprise is enabled.
    2. Create a cryptographic module for column_level_encryption.
    3. Navigate to System Security > Encrypted Field Configurations.
    4. Click New.
    5. On the form, fill in the fields.
      Table 1. Encrypted field configuration form
      Field | Description
      Type | Column. This type is required to use your personal key.
      Table | Table that stores the sensitive information. For this example, select Incident [incident].
      Column | Column, or specific piece of information, that represents the sensitive data to be encrypted. For this example, select short_description.
      Active | Option to mark the field configuration Active so that it is used.
      Algorithm | Equality Preserving. This option is selected automatically.
      Crypto module | Module that you created to use with the personal key.
      Method | Single Module applies the policies for one module. Multiple Modules applies the policies across multiple modules.
      Figure 1. Encryption field configuration example
      Shows a completed Encrypted Field Configuration.
    6. Click Submit.

      Establish a Module Access Policy to assign access to the cryptographic module. See Create a module access policy for additional information.

    7. Navigate to Key Management > Module Access Policies > Create New.
    8. On the form, fill in the fields.
      Table 2. Module access policy form
      Field | Description
      Policy name | Name for the policy, such as short description.
      Crypto module | Crypto module that you created to encrypt your key.
      Type | Type of access designation for the crypto policy. Use Role to grant access to the encrypted field only to those users that have the assigned role.
      Target Role | The role that has access to the encrypted field. For this example, select Admin.
      Active | Option to activate the Module Access Policy.
      Result | The Track option enables access to the field for the selected role. To restrict access to that field for the selected role, select Reject or Strict Reject.
      Figure 2. Module access policy example
      Shows the completed module access policy form.
    9. Click Submit.
    10. As a user with the sn_kmf.admin role, navigate to Incident > New.
      Figure 3. Example of encrypted field visible
      Shows the visible Short description data.
      You can now view the Short description field based on the module access policy configuration.
      Note:
      The sn_kmf.admin role was granted user access to the encrypted field, Short description, by setting the module access policy to Track. Notice the lock icon under the field name, which indicates that the field is an encrypted field.

      You can now access the Incidents module as an end user to test the encrypted field configuration.

    11. Log in as a user to be restricted from viewing the encrypted data in the configured field.
      Figure 4. Encrypted field level data
      Shows no value in the Short description after encryption.
      When you open the incident, the data in the Short description field is not visible.

    Results

    You have successfully used your symmetric key to control access to a specific field using Column Level Encryption Enterprise.