remove highlight
expand all

Administer > Administer Service Management > People > Encryption domains

Encryption domains

Service Management supports the ability to encrypt specific record type fields via the creation of encryption domains. This enables you to restrict access to sensitive information to selected users.

You can assign groups to an encryption domain; the members of each assigned group will have access to the fields encrypted in that domain. For each user who accesses the encrypted fields, a passcode and a verification code are required.

You can create multiple encryption domains. Each one operates independently. For example, you may want to encrypt sensitive data for changes using Encryption domain 1 and employee data using Encryption domain 2. Each encryption domain requires a separate verification code. (One passcode is valid for all encryption domains.)

After you encrypt a field of a record type, you can add it to a form. The data in the field will be visible only to members of the encryption domain who have been verified. It is also possible to encrypt attachments to records.

Encrypted fields cannot be added to business rules and should not be selected in reports. Global search does not support encrypted fields and you cannot filter or sort record type data by encrypted fields.

Encryption domains are not supported in the Dev2Prod functionality. Any encryption domains defined in your development environment must be manually redefined in your production environment.

For information on the available APIs related to encryption domains, see Encryption domain API.

Note

  • Encryption domains are not related to data domains.
  • Encryption domain administrator permission is required to create or update encryption domains.

How to create an encryption domain

How to update an encryption domain

  1. From the main menu, select Administration > Master Data > People > Encryption domains.
  2. Select the encryption domain you want to update, and make the required changes.
  3. Click Save to save the encryption domain.

Note If you removed groups from the encryption domain, the members of those groups can no longer access the fields encrypted using this domain.

How to disable/enable an encryption domain

  1. From the main menu, select Administration > Master Data > People > Encryption domains.
  2. Select the encryption domain you want to disable and click Disable on the toolbar.
  3. Click Save. The encryption domain is now disabled and cannot be used to encrypt new fields. The fields already encrypted using this encryption domain are still encrypted and can be decrypted by members of the encryption domain.
  4. To re-enable the encryption domain, click Enable on the toolbar and click Save.

How to encrypt a field

Note

  • Encryption domains are not supported for template fields (for instance, Change templates or Incident templates).
  • The Default values tab of a model (for instance, Change models or Incident models) cannot contain encrypted fields. It is possible to add fields that are defined as conditionally encrypted (using the Advanced options), but the fields will be unencrypted in the model.
  • Encryption domains are not supported for Service Portal users. Encrypted fields should not be added to forms that are available in the Service Portal.

How to encrypt attachments

  1. From the main menu, select Administration > Configuration > Studio > Fields. Select the required record type.
  2. Select the out-of-the-box Attachments field.
  3. Select the Encrypted check box. The Encryption domain property appears.
  4. Select the encryption domain from the drop-down list.
  5. Optionally, set the advanced options for the encryption, as you would for other encrypted fields.
  6. Click Save to save the field.
  7. When a user accesses a record of that type, a new button, Add encrypted attachments, appears next to the Add attachments button in the Attachments section of the records. The user can add both encrypted and unencrypted attachments.

Note

  • It is possible to configure Service Management to display only the Add encrypted attachments button for record types for which encrypted attachments are defined. The user will not be able to add unencrypted attachments for these record types. To enable this feature, submit a request to Support.
  • In the Service Portal, the Add encrypted attachments button is never displayed. Encrypted attachments added to a record in Service Management are not accessible in the Service Portal.

How to view and edit encrypted data

Related topics

War diese Antwort hilfreich für Sie?