Create a job to sign specific records or attachments on a trusted instance

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read

    • Sign a specific record, or group of records you define on a trusted instance.

    Before you begin

    Role required: security_admin or sn_kmf.cryptographic_manager

    Procedure

    1. Navigate to All > System Security > Security Jobs > Create New.
    2. At the What type of Security Job would you like to create? prompt, select Signing Job.
      A new Signing Job record displays.
    3. In the form, fill in the fields as needed:
      Table 1. Signing job fields
      Field Description
      Name Descriptive name for this job.
      Type Type of security job. To sign specific records, select the Sign Specific Records option. To sign specific attachments, select Sign Specific Attachments.
      State State of this job. This field begins with the value of New. This field is read only.
      Table Table containing the records or attachments you want to sign.

      If signing attachments, select the table with records that the attachments are associated with, not the Attachment [sys_attachment] table.

      Tip:
      Check the Key Management Framework (KMF) Signature Record [sn_kmf_record_signature] table to ensure that there aren’t already signatures for the table you’ve selected.
      Filter Records Filter conditions used to limit which records appear in the Select records for signing table.
      Select records for signing

      List of records on the table selected in the Table field, limited by filter created in the Filter Records field.

      Move records from the Available window to the Selected window to include them in the signing job.
      Time window start The start of the time window to run this job. The job will run after the time entered in this field.

      A valid time value is in Coordinated Universal Time based on a 24-hour time notation.
      Time window end The end of the time window to run this job. The job runs before the time entered in this field. If the job hasn’t yet completed, the job will pause and resume at the next time window start. The end time must be after the start time.

      A valid time value is in Coordinated Universal Time based on a 24-hour time notation.
      Summary Summary of the execution of this job. This field is read only.
    4. Right-click the form header, and select Save.
    5. Open the job that you saved, and click Start.
      This action signs the signing job, and it’s ready for export.
    6. Navigate to All > System Update Sets > Local Update Sets
    7. Find and open the update set for your signing job.
      In the customer updates tab, you can see that this update set includes the signing job and the signature record.
    8. Select Export to XML.
      This action creates an XML file containing your update set on your local device.
    9. On your protected instance, navigate to All > System Update Sets > Retrieved Update Sets > .
    10. At the bottom of the page, select Import Update Set from XML.
    11. Select the Choose File button, and select the XML file created in previous steps.
    12. Select Upload.
      Your update set is loaded, and appears in the Retrieved Update Sets list.
    13. In the Retrieved Update Sets list, open the record for your imported update set.
    14. Select the Preview Update Set button.
      After the preview completes successfully, you’ll see the Commit Update Set button appear.
    15. Select Commit Update Set.