Encryption support Encryption is a process that scrambles information into a format that unauthorized parties cannot decode or use. Users who have access to the encryption context can see data encrypted with that particular encryption context. The encryption process requires an administrator to grant an encryption context to users by granting the user an associated role. Note: Impersonation does not change the encryption contexts available to a user. Even while impersonating, you have only the encryption contexts available to you originally. After encryption: Encrypted text fields and attachments are no longer accessible by database tools and cannot be indexed. Encrypted text fields cannot be added to a filter. Encrypted text fields cannot be used to sort lists. You can encrypt all String fields, including fields provided by default in the system and new fields that you create in the dictionary. Users with the admin role can activate the Encryption Support plugin. Access to encrypted data A user's encryption context determines access to encrypted data. Access level Data visibility User with no encryption contexts The form hides the encrypted field. User with one encryption context The user automatically uses their encryption context with encrypted text fields. If there is no data in the field: The form displays the encrypted field (assuming UI policy does not prevent it). Users with any encryption context can see empty encrypted fields. Entering data in the field causes the encrypted fields to use the currently selected encryption context to encrypt the data. If there is data in the field: If the user has access to the matching encryption context, the form displays the encrypted field. User with two or more encryption contexts The user can select an encryption context from the selector in the welcome bar. If there is no data in the field: The form displays the encrypted field (assuming UI policy does not prevent it). Users with any encryption context can see empty encrypted fields. Entering data in the field causes the encrypted fields to use the currently selected encryption context to encrypt the data. If there is data in the field: If the user has access to the matching encryption context, the form displays the encrypted field. The encrypted field always uses the original encryption context to encrypt changes to the field. This prevents users with multiple encryption contexts from changing the encryption context of a field. Note: A lock icon appears next to the field label to indicate an encrypted field. If a user has access to the encryption context, pointing to the icon displays the name of the context used to encrypt the field. Encryption support FAQThese are general security FAQs for encryption. For information about MID Server credential encryption. Set up encryption contextsAdministrators can create an encryption context that uses an encryption key.Use attachment encryptionYou can encrypt attachments that are already attached to records.Encrypt MID Server login credentialsThe MID Server login credentials appear in the config.xml file in clear text. If access to the MID Server host machine is not secure, store the login credentials in this file in encrypted form.Demonstration pluginThe instance provides a demonstration plugin called Encryption Support - Single Context Task Encryption Demo (com.snc.task_encryption.demo).Encrypt a password in system propertiesThe Encrypt SysProperty Password business rule automatically encrypts the value of any system property with the type password or password2.