Column Level Encryption

  • Release version: Yokohama
  • Updated January 29, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Column Level Encryption

    Column Level Encryption allows for the encryption of specific fields within tables, enhancing data security while minimizing the need to encrypt entire tables or databases. This feature restricts access to encrypted data based on user roles, ensuring that only authorized users can view sensitive information.

    Show full answer Show less

    Key Features

    • Role-Based Access: Access to encrypted data is granted based on user roles. Users can be assigned roles directly or through groups, simplifying data visibility control.
    • Selective Encryption: Encrypt only the necessary fields, reducing the time and resources spent on data encryption and decryption.
    • Key Management: Basic key management is integrated, allowing for effective handling of encryption modules.
    • Enterprise Edition: The Enterprise version utilizes the Key Management Framework (KMF) for advanced customization and management of encryption processes.

    Key Outcomes

    By implementing Column Level Encryption, ServiceNow customers can protect sensitive data more effectively while ensuring that only users with the appropriate roles have access to view encrypted fields. This approach not only enhances security but also streamlines data management processes.

    Column Level Encryption permits and denies access to encrypted data based on user role. Column Level Encryption includes basic key management using encryption modules.

    With Column Level Encryption, you can encrypt specific fields within your tables, as opposed to encrypting the entire table or database. Use this method to help ensure that your sensitive data remains protected without the need to encrypt and entire table. The ability to encrypt only the portions of your tables that require it helps to reduce the time spent encrypting and decrypting data.

    Column Level Encryption grants access to encrypted data based on a user's role. Because of this approach, users must be associated with a role to view data encrypted by Column Level Encryption. Users can be associated with a role directly, or they can be assigned to a group that is associated with a role. This role-based approach simplifies the process of making sure that your data is visible only to users who need it.

    Figure 1. Role-based encryption example
    Role-based encryption
    In this example, you can see four users attempting to access data stored in two fields on a form. These fields are encrypted by an encryption context, which is only accessible to users who are associated with a specific role (Role 1).
    • User 1 is a member of Role 1, which provides access to encryption module 1. User 1 can see the contents of Field A and Field B.
    • User 2 and User 3 are members of Group 1. Group 1 is a member of Role 1, which enables everyone in Group 1 access to encryption module 1 and enables User 2 and User 3 to see the contents of Field A and Field B.
    • User 4 isn't a member of any group or role and has no access to encryption module 1. User 4 does note access to Field A or Field B. User 4 also doesn’t see these fields on a form. In a list view, these fields are visible, but the values are be empty.

    Get started

    Troubleshoot and get help