Execute a script to run the cryptographic module policy for a cryptographic purpose. Specific read (decrypt/unwrap) or write (encrypt, wrap) access can be defined based on the module access policy operation granularity.

Before you begin

Role required: sn_kmf.cryptographic_manager

About this task

Examples of uses are for Business Rules and Script Includes. This procedure uses a script for Business Rules.

Procedure

  1. Create a cryptographic module with the symmetric data encryption/decryption algorithm.
    Refer to Create a cryptographic module for details. Specific access to the data or attachment is controlled with a module access policy with the following characteristics:
    • Symmetric encryption: The script is able to encrypt data but unable to decrypt the data.
    • Symmetric decryption: The script is able to decrypt uploaded encrypted data or attachment but unable to encrypt data or attachments.
    • Symmetric encryption and decryption: The script is able to both encrypt and decrypt data or attachments.
  2. Navigate to System Definition > Business Rules.
  3. Click New.
    New Business Rule record.
  4. Complete the form on the When to run tab and enter the script on the Advanced tab:

    Business Rule Advanced tab.

  5. Click Submit.
  6. Navigate to Key Management > Module Access Policies > All.
    Note: For additional information, refer to Create a module access policy.
  7. Click New.
  8. Complete the form.Target script selection.
    Module Access Policies fields
  9. Click Submit.
    The Module Access Policy for the script is now available in the system.