34 views

Symptoms


Encryption fields fail to display on form even though your user has the encrypted context role assigned to them.

Release


ALL 

Cause


This is usually caused due to data being encrypted with a different encryption context than the one expected.

Resolution


To determine what encryption context was used to encrypt the data in a record please do the following:

 

1) Get the sys_id of one of the affected records

2) Go to scripts - background module and run the following script:

                var gr = new GlideRecord('affected_table_name'); // name of the table where the record lives

                gr.get('sys_id_of_record') // place the sys_id of the record acquired from step 1.

                gs.print(gr.encrypted_text_column_name) //Print the value where the encrypted column is on

 Your result should be similiar to the following:

 

56715c0aff1331007a6dffffffffff54:qvA0A3zPArVzfyllV8TdjsQyqs9L7otRvgX6id4mVrB6gNfKz/LEgHP+q7TKgwScSSIdqaCTbGph
1GMLOfAuQAOdzYvN9JLM1+WpJ1DsuIrd8v4t6h9zFRQxXsosZErHkgrlC+tkdYzibhNr/wvPFav1
4gSDD4tReHyk1SjgsGQZaY0uc4udxJLjWOuuIcYMSZr0BBvh0NIewGpobMrUPmUCIlieGpnHk8Oe
lckCfLWl/dS6wz2rbXRgOxX8EWS1Q0WzXJ72Px4LB5sfl8p75N5kGXtsHGlHdkbjUGbJ5DhC5mrv
OOCr5TdCXMCjCDQJ/cO0tBhWtjjJ5pB99S0pUCgSFQZZg+buHr2ZHk6ZPmGBqiKovUf0By9Yq6Uj
xmEm67CDIBFaCtPpWoYlXCgSOhLPSoHoceojLYnhGqvMsiRt6U1AOHLjTKLNBGzJjVpUsJQcFCW9
88Po1sg1ThA8n3nMyYbPuoh7UCO00C2+ulO61Ga9B5/Yd51PqjiHYeQO29skhvNVMlbes6eYLR3m
OkXOnAAdbdR/7HCBwd6YcN3CUCrc3YF10XJpHMfs6AdivzzgxNXfh9/v0Ia5Dqzr1Ok4AZBsOVW+
C4F3SkWlc1Mtqi2JUGHFxYEjU8Sfpv00TMd0ZuAb6lZT8dysca/XfMZII/2b8y0t9/32w45p9eAk

3) The first part just before the colon (:) character is a sys_id. This sys_id belongs to the encrypted context record in your environment. Copy this sys_id.

4) Go to the encrypted context table and match this sys_id to one of your existing encryption context

5) Usually we find here that the encrypted context used to encrypt the data was one that we did not expect to be used. This is common when users have multiple encrypted context assigned, or when performing mass updates.  

Additional Information


For more information, please review the encrypted context documentation for set-up and configuration:

https://docs.servicenow.com/bundle/london-platform-administration/page/administer/encryption/task/t_EncryptionContextSetup.html

Article Information

Last Updated:2018-09-06 09:01:11
Published:2018-09-06