Can we run encryption script in background Job?
Recently, I run into a scenario where user was trying to run an Encryption Support job from Fix Scripts in background mode, later running into issues.
So far, product documentation has not captured this very much-needed information and hence decided to write this KB Article to document this missing information. Please note that the product document, will be updated sooner with the missing information.
The Encryption Support, uses encryption context. This encryption context would be assigned to role, so that whoever has been granted with that specific role would be able to access the Encrypted field.
If you impersonate a user who has been granted with encryption context, still system will not allow you to access the encrypted fields, this is due to security reasons, and hence user needs to explicitly login to instance to access the encrypted fields.
This same principle applied to the background jobs as well. Encryption contexts cannot be accessed directly by asynchronous jobs. Even if you use the "Run As" option, this is using impersonation to run the job, and impersonation does not grant access to encryption contexts for security reasons. Hence, if you are using scripts to perform encryption, it is advised to run it from background script as currently logged in user.