Use encryption modules to set field-level security in article templates and display the fields based on role permissions.

Before you begin

Role required: security_admin

Note: Use Knowledge blocks to restrict the content within the same field. For more information, see Knowledge blocks.

Procedure

  1. Create an encryption module for the article template field to be encrypted.
    See Create a cryptographic module for details.
  2. Associate the article template field with the encryption module.
    See Encrypting fields and attachments for details.
    1. Navigate to System Security > Field Encryption > Encryption Field Configurations and click New.
    2. On the form, fill in the fields.
      Table 1. Encrypted Field Configuration form
      FieldDescription
      Table Table associated with the article template fields. For example, for the How to article template fields, select How To [kb_template_how_to].
      Column Article template field to be encrypted. Only String, Date, Date/Time, and URL fields are supported.
      • String and URL fields: You can add a new encryption configuration to either a parent table or a child table.
      • Date and Date/Time fields: You can create encrypted field configurations to encrypt existing Date and Date/Time fields. You can add a new encryption configuration to a parent table only. You cannot add a new encryption configuration to a child table.
        Note: Depending on the number of records affected by the Date and Date/Time fields you are encrypting, it may take up to a few minutes to create the encryption configuration. Make sure that you create the encryption configuration for Date and Date/Time fields when transaction volume on the instance is low.
      Encryption module Encryption module you created for the article template field.
      Method
      • Single Encryption Module: Enables data to be encrypted with a single encryption module only. The field is encrypted with the encryption module defined in the Encryption module field. Users that do not have the encryption module cannot view or update field values.
      • Multiple Encryption Module: Enables data to be encrypted with more than one encryption module. The field is encrypted by the encryption context of the first user to enter data. If the user has multiple encryption modules, the context defined in the encryption module selector is used. Because the encryption module is set on a per record basis, fields in a list can have different encryption modules. However, within a single record, the field can be encrypted by only one module.
        Note: Mass encryption is not available when using the Multiple Encryption module method.

      After a configuration is created using the single encryption module method, you can update the record to use multiple encryption modules. However, you cannot change a field using multiple encryption modules to use a single encryption module.
    3. Click Submit.
  3. Define role permissions for the encrypted field.
    1. Navigate to User Administration > Roles.
    2. In the Name column, click the link to the role you want to allow to view this field.
    3. In the Encrypted context field, search for and select the name of the encryption context for the article template field to apply for the selected role.
      Note: You may need to configure the Role form to add the Encrypted context field.
    4. Click Update.

Result

Depending on their role permissions defined for the encrypted field, users can view the field on the article template.