Column Level Encryption

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Column Level Encryption

    Column Level Encryption (CLE) allows for the encryption of specific fields within tables based on user roles, enhancing data security without the need to encrypt entire tables or databases. It includes basic key management through encryption modules. Please note that CLE and its enterprise version (CLEE) are being prepared for future deprecation, with Field Encryption and Field Encryption Enterprise being the recommended alternatives.

    Show full answer Show less

    Key Features

    • Role-Based Access: Access to encrypted data is granted based on user roles, ensuring that only authorized users can view sensitive information.
    • Selective Encryption: Enables encryption of specific fields, reducing the overhead associated with encrypting entire tables.
    • Group Role Management: Users can be assigned roles directly or through groups, streamlining the management of access permissions.

    Key Outcomes

    By utilizing Column Level Encryption, you can effectively manage access to sensitive data, ensuring compliance and security. Users associated with the correct roles can view encrypted data, while unauthorized users will not see the encrypted fields at all. This approach helps maintain data confidentiality and simplifies data management within your ServiceNow instances.

    Column Level Encryption permits and denies access to encrypted data based on user role. Column Level Encryption includes basic key management using encryption modules.

    Important:

    Starting with the Zurich release, Column Level Encryption (CLE) and Column Level Encryption Enterprise (CLEE) are being prepared for future deprecation. They will be hidden and no longer activated on new instances but will continue to be supported. Field Encryption and Field Encryption Enterprise provide the latest experience for this functionality.

    For details, see the Deprecation Process [KB0867184] article in the Now Support knowledge base.

    With Column Level Encryption, you can encrypt specific fields within your tables, as opposed to encrypting the entire table or database. Use this method to help ensure that your sensitive data remains protected without the need to encrypt and entire table. The ability to encrypt only the portions of your tables that require it helps to reduce the time spent encrypting and decrypting data.

    Column Level Encryption grants access to encrypted data based on a user's role. Because of this approach, users must be associated with a role to view data encrypted by Column Level Encryption. Users can be associated with a role directly, or they can be assigned to a group that is associated with a role. This role-based approach simplifies the process of making sure that your data is visible only to users who need it.

    Figure 1. Role-based encryption example
    In this example, you can see four users attempting to access data stored in two fields on a form. These fields are encrypted by an encryption context, which is only accessible to users who are associated with a specific role (Role 1).
    • User 1 is a member of Role 1, which provides access to encryption module 1. User 1 can see the contents of Field A and Field B.
    • User 2 and User 3 are members of Group 1. Group 1 is a member of Role 1, which enables everyone in Group 1 access to encryption module 1 and enables User 2 and User 3 to see the contents of Field A and Field B.
    • User 4 isn't a member of any group or role and has no access to encryption module 1. User 4 does note access to Field A or Field B. User 4 also doesn’t see these fields on a form. In a list view, these fields are visible, but the values are be empty.

    Get started

    Troubleshoot and get help