Encryption support

Use encryption contexts to allow or deny access to sensitive data based on user role.

Encryption and decryption occur on the server, not in the user interface.

Encryption methods

Fields that use Encryption Support may include:

  • New or existing Encrypted Text fields.
  • String and URL fields included in encrypted field configuration records.

The Encrypted Field Configurations table [sys_platform_encryption_configuration] contains a record for each field encrypted with Encryption Support. This table enables a security_admin to monitor all fields in the instance that use Encryption Support. On upgrade, encrypted field configuration records are created for all existing Encrypted Text fields. When a new Encrypted Text field is added, an encrypted field configuration record is created by default.

Encrypted field configurations can encrypt fields using one of the following methods.

  • Single encryption context: The field is encrypted with the encryption context defined in the Encryption context field. Users who do not have the encryption context cannot view or update field values.
  • Multiple encryption contexts: The field is encrypted with the encryption context of the first user to enter data. If the user has two or more encryption contexts, the context defined in the encryption context selector is used. Because the encryption context is set on a per-record basis, fields in a list can have different encryption contexts. However, within a single record, the field can be encrypted by only one context.

When an Encrypted Text field is created, an encrypted field configuration is created with the multiple encryption contexts method. Encrypted Text fields and fields encrypted with the multiple encryption contexts method behave the same.

Note: Mass encryption is not available when using the multiple encryption contexts method.

Access to encrypted data

A user's encryption context determines access to encrypted data. Security_admin users can grant an encryption context to a user by granting the user an associated role.

To monitor the assignment of roles, the customer or ServiceNow professional services can set up security measures. For example, an email can be sent to an appointed encryption manager whenever a role associated with an encryption context is granted to a user.

Note: Impersonation does not change the encryption context available to a user. Even while impersonating, you have only the encryption contexts available to you originally.

Data access by access level and encryption method:

User with no encryption contexts
  • Single encryption context method: The form hides the encrypted field. In list view, the field appears blank and cannot be edited, even if the data in the field is decrypted.
  • Multiple encryption contexts method: The form hides the encrypted field. In list view, the field appears blank and cannot be edited, even if the data in the field is decrypted.

User with one encryption context
  • Single encryption context method: To use the field, the user must have access to the encryption context defined in the encrypted field configuration. If the user does not have access to the encryption context, the form hides the field. In list view, the field appears blank and cannot be edited.
      • If there is no data in the field: If the user has access to the encryption context, the form displays the field (assuming UI policy does not prevent it). Users with access to the encryption context can view and update the empty field. Data entered in the field is encrypted with the encryption context defined in the encrypted field configuration.
      • If there is data in the field: If the user has access to the encryption context, the user can view and edit data in the field.
  • Multiple encryption contexts method: The user automatically uses their encryption context with the encrypted field.
      • If there is no data in the field: The form displays the field (assuming UI policy does not prevent it). Users with any encryption context can view and update the empty field. Entering data in the field causes the field to use the currently selected encryption context to encrypt the data.
      • If there is data in the field: If the user has access to the encryption context used to encrypt the field, the user can view and edit the field.

User with two or more encryption contexts
  • Single encryption context method: To use the field, the user must have access to the encryption context defined in the encrypted field configuration. If the user does not have access to the encryption context, the form hides the field. In list view, the field appears blank and cannot be edited.
      • If there is no data in the field: If the user has access to the encryption context, the form displays the field (assuming UI policy does not prevent it). Users with access to the encryption context can view and update the empty field. Data entered in the field is encrypted with the encryption context defined in the encrypted field configuration.
      • If there is data in the field: If the user has access to the encryption context, the user can view and edit the field. The field always uses the original encryption context to encrypt changes to the field. This behavior prevents users with two or more encryption contexts from changing the encryption context of a field.
  • Multiple encryption contexts method: The user can select an encryption context from the encryption context selector in the welcome bar.
      • If there is no data in the field: The form displays the field (assuming UI policy does not prevent it). Users with any encryption context can view and update the empty field. Entering data in the field causes the field to use the currently selected encryption context to encrypt the data. The field always uses the original encryption context to encrypt changes to the field. This behavior prevents users with two or more encryption contexts from changing the encryption context of a field.
      • If there is data in the field: If the user has access to the encryption context used to encrypt the field, the user can view and edit the field. The field always uses the original encryption context to encrypt changes to the field. This behavior prevents users with multiple encryption contexts from changing the encryption context of a field.
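The access rules above, together with the impersonation note, as an added model written for this page (not ServiceNow code). The function names, the field and record shapes, and the two labelled assumptions are the author's own.

```javascript
// Added example, not ServiceNow's code: a model of the access rules above.
const SINGLE = "single";     // context fixed by the encrypted field configuration
const MULTIPLE = "multiple"; // context fixed per record by the first writer

// Impersonation never changes the contexts in play: the contexts of the
// original (impersonating) user apply, not those of the impersonated user.
function sessionContexts(session) {
  return session.originalUser.contexts;
}

// Decide what a user can do with one encrypted field on one record.
//   ctxs:     encryption contexts granted to the user through roles
//   selected: context chosen in the welcome-bar selector (null if none)
//   field:    { method, configContext }  configContext applies to SINGLE only
//   record:   { dataContext }            context that encrypted the stored value,
//                                        or null when the field is empty
// Returns { visible, editable, writeContext }; writeContext is the context that
// encrypts any value written, or null when nothing can be written.
function resolveAccess(ctxs, selected, field, record) {
  const denied = { visible: false, editable: false, writeContext: null };
  // No contexts: the form hides the field, the list shows it blank and read-only.
  if (ctxs.length === 0) return denied;

  if (field.method === SINGLE) {
    // Only the configured context matters, whether the field is empty or not.
    if (!ctxs.includes(field.configContext)) return denied;
    // Writes always use the configured context, so a user holding several
    // contexts cannot move the field to a different one.
    return { visible: true, editable: true, writeContext: field.configContext };
  }

  // MULTIPLE, empty field: the first write fixes the record's context. A user
  // with one context uses it automatically; with several, the selector decides.
  if (record.dataContext === null) {
    const chosen = ctxs.length === 1 ? ctxs[0] : selected;
    // Assumption: with several contexts and nothing selected, no write happens.
    if (!ctxs.includes(chosen)) return { visible: true, editable: false, writeContext: null };
    return { visible: true, editable: true, writeContext: chosen };
  }
  // MULTIPLE, populated field: the original context always wins; changes are
  // re-encrypted with it, never with the selector's choice. Assumption: a user
  // lacking that context is treated like the no-context row (field hidden).
  if (!ctxs.includes(record.dataContext)) return denied;
  return { visible: true, editable: true, writeContext: record.dataContext };
}
```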

Filtering and searching encrypted fields

When an Encrypted Text field, or a field with an encrypted field configuration applied, is selected as the left operand in a filter, the following operators are available:

  • [is]
  • [is not]
  • [is empty]
  • [is not empty]

If a user with one or more encryption contexts filters for equality or searches for a value in a list:

  • Only values encrypted with an encryption context available to the user are returned.
  • [is empty] and [is not empty] return all matching records. Fields encrypted with an encryption context not available to the current user appear blank.

If a user does not have any encryption contexts, no records are returned.

The Show Matching and Filter Out options are supported in lists. Only exact matches are returned or filtered out.

Note: Adding encrypted fields in condition filters is supported in scripts such as UI policies and business rules.
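The filter behaviour described above, as an added model for this page (not ServiceNow code): the sample records, the function names, and the treatment of [is not] are the author's assumptions. It shows the difference between a record that is not returned and one that is returned with a blank field.

```javascript
// Added example, not ServiceNow code: a model of list filtering on an encrypted
// field. Records are constructed; each stores the context that encrypted the
// value and, for the model, the plaintext it decrypts to.
const sampleRecords = [
  { id: 1, ctx: "hr",      value: "alice-ssn" },
  { id: 2, ctx: "finance", value: "alice-ssn" },
  { id: 3, ctx: "hr",      value: "bob-ssn" },
  { id: 4, ctx: null,      value: null },          // empty field
];

// A value is readable only if it was encrypted with a context the user holds.
function canRead(rec, userCtxs) {
  return rec.ctx !== null && userCtxs.includes(rec.ctx);
}

// Render a row as the list shows it: unreadable values appear blank, so a
// row can be returned without revealing its content.
function render(rec, userCtxs) {
  return { id: rec.id, value: canRead(rec, userCtxs) ? rec.value : "" };
}

// Apply one of the four operators available on encrypted fields.
function filterEncrypted(recs, userCtxs, op, needle) {
  if (userCtxs.length === 0) return [];            // no context: nothing is returned
  let hits;
  switch (op) {
    case "is":            // equality matches only values the user can decrypt
      hits = recs.filter(r => canRead(r, userCtxs) && r.value === needle); break;
    case "is not":        // assumption: same readability restriction as [is]
      hits = recs.filter(r => canRead(r, userCtxs) && r.value !== needle); break;
    case "is empty":      // emptiness checks do not depend on the context
      hits = recs.filter(r => r.ctx === null); break;
    case "is not empty":
      hits = recs.filter(r => r.ctx !== null); break;
    default:
      throw new Error("operator not available on encrypted fields: " + op);
  }
  return hits.map(r => render(r, userCtxs));
}
```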

Exporting data from encrypted fields

When exporting encrypted fields in a list or form to a file format, only fields encrypted by an encryption context available to the current user are displayed in the exported document.

To disable exports of encrypted data from a list view, add the glide.encryption.export_encrypted_data.allowed system property and set the value to false.