Notifications

4877 views

Description

After impersonating from the admin to a user role, an attempt to export an attachment that has encryption text as xls/pdf for incident or any other table results in a successful download. However, when opening the downloaded file, the error "Requested attachment does not exist" occurs.

Steps to Reproduce

  1. Log in to an instance as an admin.

  2. Activate the Encryption plugins.

  3. Create an Encryption context and assign to the admin role.

    For more information, see the product documentation topic Encryption support.

  4. Go to the incident table configuration and make a file (for example, Description) an Encrypted Text field. 

  5. Impersonate a user who has an access to a table list such as the incident table.

  6. Go to incident-list.do.

  7. Right-click in the banner, then choose Export > Excel.

  8. After the download is complete, click Download to download the file.

  9. Check the sys_attachment table.

    Note that the attachment exists (the attachment is against the sys_poll table).

 

 

Workaround

You can choose from various workarounds:

  • Don't use impersonation when exporting data with encrypted-text column. Instead, log in as the user.

  • Set the glide.encryption.export_encrypted_data.allowed property to false

  • Create a special decrypt_attachment role that includes the Encrypted Export Attachment context, and add that role to the impersonating user.

    Note – In order to be able to see and add that context, disable the "Hide system contexts" business rule on sys_encryption_context first.


Related Problem: PRB1268370

Seen In

SR - IRM - GRC Profiles - Madrid 2019 Q2
SR - IRM - Vendor Risk Management - Madrid 2019 Q1
SR - ITOM - Discovery and Service Mapping - 201908
SR - Security - Integration Framework - Madrid 2019 Q2
SR - Security - Support Common - Madrid 2019 Q2
SR - Security - Support Orchestration - Madrid 2019 Q2
SR - SIR - Security Incident Response - Madrid 2019 Q2
SR - SIR - Store SecOps Setup Assistant - Madrid 2019 Q2
SR - SIR - Store Threat Core - Madrid 2019 Q2
SR - SIR - Store Trusted Security Circles Client - New York 2019 Q3
SR - SIR - Threat intelligence - New York 2019 Q3
SR - VR - Qualys - New York 2019 Q3
SR - VR - Vulnerability Response - New York 2019 Q3

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2019-10-16 07:05:36
Published:2019-02-05