Column Level Encryption

  • Release version: Zurich
  • Updated February 1, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Column Level Encryption

    Column Level Encryption (CLE) enables controlled access to encrypted data based on user roles, allowing specific fields within tables to be encrypted instead of the entire table or database. This targeted approach enhances data protection while minimizing encryption and decryption time. Starting with the Zurich release, CLE and its Enterprise version (CLEE) are being prepared for deprecation, with users encouraged to transition to Field Encryption and Field Encryption Enterprise for a more updated experience.

    Show full answer Show less

    Key Features

    • Role-Based Access: Access to encrypted fields is granted based on user roles. Users must either be directly assigned a role or belong to a group linked to a role to view encrypted data.
    • Selective Encryption: Encrypt only the necessary fields to protect sensitive data while keeping the rest of the table accessible.
    • Basic Key Management: CLE includes fundamental key management through encryption modules.

    Key Outcomes

    By utilizing Column Level Encryption, organizations can ensure that sensitive information remains secure and accessible only to authorized users, significantly improving data governance. Transitioning to Field Encryption will provide users with enhanced capabilities for managing encrypted data.

    Column Level Encryption permits and denies access to encrypted data based on user role. Column Level Encryption includes basic key management using encryption modules.

    Important:

    Starting with the Zurich release, Column Level Encryption (CLE) and Column Level Encryption Enterprise (CLEE) are being prepared for future deprecation. They will be hidden and no longer activated on new instances but will continue to be supported. Field Encryption and Field Encryption Enterprise provide the latest experience for this functionality.

    For details, see the Deprecation Process [KB0867184] article in the Now Support knowledge base.

    With Column Level Encryption, you can encrypt specific fields within your tables, as opposed to encrypting the entire table or database. Use this method to help ensure that your sensitive data remains protected without the need to encrypt and entire table. The ability to encrypt only the portions of your tables that require it helps to reduce the time spent encrypting and decrypting data.

    Column Level Encryption grants access to encrypted data based on a user's role. Because of this approach, users must be associated with a role to view data encrypted by Column Level Encryption. Users can be associated with a role directly, or they can be assigned to a group that is associated with a role. This role-based approach simplifies the process of making sure that your data is visible only to users who need it.

    Figure 1. Role-based encryption example
    In this example, you can see four users attempting to access data stored in two fields on a form. These fields are encrypted by an encryption context, which is only accessible to users who are associated with a specific role (Role 1).
    • User 1 is a member of Role 1, which provides access to encryption module 1. User 1 can see the contents of Field A and Field B.
    • User 2 and User 3 are members of Group 1. Group 1 is a member of Role 1, which enables everyone in Group 1 access to encryption module 1 and enables User 2 and User 3 to see the contents of Field A and Field B.
    • User 4 isn't a member of any group or role and has no access to encryption module 1. User 4 does note access to Field A or Field B. User 4 also doesn’t see these fields on a form. In a list view, these fields are visible, but the values are be empty.

    Get started

    Troubleshoot and get help