Description
After impersonating from the admin to a user role, an attempt to export an attachment that has encryption text as xls/pdf for incident or any other table results in a successful download. However, when opening the downloaded file, the error "Requested attachment does not exist" occurs.
Steps to Reproduce
-
Log in to an instance as an admin.
-
Activate the Encryption plugins.
-
Create an Encryption context and assign to the admin role.
For more information, see the product documentation topic Encryption support.
-
Go to the incident table configuration and make a file (for example, Description) an Encrypted Text field.
-
Impersonate a user who has an access to a table list such as the incident table.
-
Go to incident-list.do.
-
Right-click in the banner, then choose Export > Excel.
-
After the download is complete, click Download to download the file.
-
Check the sys_attachment table.
Note that the attachment exists (the attachment is against the sys_poll table).
Workaround
You can choose from various workarounds:
-
Don't use impersonation when exporting data with encrypted-text column. Instead, log in as the user.
-
Set the glide.encryption.export_encrypted_data.allowed property to false
-
Create a special decrypt_attachment role that includes the Encrypted Export Attachment context, and add that role to the impersonating user.
Note – In order to be able to see and add that context, disable the "Hide system contexts" business rule on sys_encryption_context first.
Related Problem: PRB1268370