47 views

Description

After impersonating from the admin to a user role, an attempt to export an attachment that has encryption text as xls/pdf for incident or any other table results in a successful download. However, when opening the downloaded file, the error "Requested attachment does not exist" occurs.

Steps to Reproduce

  1. Log in to an instance as an admin.

  2. Activate the Encryption plugins.

  3. Create an Encryption context and assign to the admin role.

    For more information, see the product documentation topic Encryption support.

  4. Go to the incident table configuration and make a file (for example, Description) an Encrypted Text field. 

  5. Impersonate a user who has an access to a table list such as the incident table.

  6. Go to incident-list.do.

  7. Right-click in the banner, then choose Export > Excel.

  8. After the download is complete, click Download to download the file.

  9. Check the sys_attachment table.

    Note that the attachment exists (the attachment is against the sys_poll table).

 

 

Workaround

You can choose from various workarounds:

  • Don't use impersonation when exporting data with encrypted-text column. Instead, log in as the user.

  • Set the glide.encryption.export_encrypted_data.allowed property to false

  • Create a special decrypt_attachment role that includes the Encrypted Export Attachment context, and add that role to the impersonating user.

    Note – In order to be able to see and add that context, disable the "Hide system contexts" business rule on sys_encryption_context first.


Related Problem: PRB1268370

Seen In

There is no data to report.

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2018-05-31 04:11:16
Published:2018-05-31