Loading...
Loading...
SQL query against sys_kmf_crypto_module is run every time access to a module is checked via CallerPolicyAccessManager.isModuleAccessible. For a field with a CLE encryption configuration, this API is called 1 or more times for each canRead|canWrite|canCreate call that is made. canRead is called multiple times for each form load, meaning this query is run many times when loading a single record. Steps to Reproduce 1. Activate Column Level Encryption (id: com.glide.encryption) plugin 2. Create a CLE crypto module 3. Create a role-based KMF access policy for the crypto module and allow access to admin role 4. Create a CLE encryption configuration on incident.short_description To see the additional query you can enable sql debugging or add a breakpoint in KMFWorkflowDescriptor.isEncryptedWorkflowScratchpadModule (if debugging in IDE). In these steps background script is used and sql debugging is enabled so that the output displays the query. 5. Run the following script via background scripts (sys_id used is OOB demo data and can be replaced with any incident record's sys_id) var gr = new GlideRecord('incident'); gr.get('57af7aec73d423002728660c4cf6a71c'); gs.trace(true); gr.short_description.canRead(); gs.trace(false); Expected: a query on sys_kmf_crypto_module is not executed Actual: a query on sys_kmf_crypto_module is executed every time the script is run
This problem has been fixed. If an upgrade is possible, please refer to the Fixed In section to determine the latest version with a permanent fix that the instance can be upgraded to.
PRB1820829
Click on a version to see all relevant bugs
ServiceNow Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.