Editing ServiceNow Additional Comments: Best Practices & Step-by-Step Guide

In the dynamic world of ServiceNow, clear and accurate communication within records is paramount. The activity log, particularly the "Additional comments" section, serves as a vital communication thread, capturing important details and updates. However, there might be instances where sensitive information, like a password, is mistakenly added to these comments. When this happens, the need to rectify the error becomes critical for security and compliance. This article will guide ServiceNow administrators through the process of editing previously entered additional comments, ensuring sensitive data can be appropriately managed.

While ServiceNow's platform is designed for auditability and tracking changes, situations arise where a correction to an existing comment is necessary. Directly editing an entry within the activity log's user interface is not a standard feature, as these entries are tied to the system's audit history. However, with the right approach and administrative privileges, it is possible to address this.

The Challenge: Why Direct UI Editing Isn't Available

The activity log in ServiceNow is primarily built upon the sys_audit and sys_journal_field tables. These tables are designed to maintain a historical record of changes made to records, including comments. Directly modifying entries through the standard interface would compromise the integrity of this audit trail.

The Solution: A Multi-Table Approach for ServiceNow Administrators

To edit an additional comment, a ServiceNow administrator needs to interact with the backend tables that store this information. This involves a three-step process: modifying the sys_journal_field table, updating the sys_audit table, and potentially addressing the sys_history_set record.

Important Considerations Before Proceeding

• Administrator Access Required: You will need an administrator account with sufficient permissions to access and modify these system tables.

• Non-Production Environment First: It is strongly recommended to practice these steps on a non-production ServiceNow instance to understand the impact and avoid unintended consequences in your live environment.

• Exercise Caution: Incorrectly modifying system tables can lead to data inconsistencies. Proceed with care and double-check your actions.

Step-by-Step Guide to Editing Additional Comments

1. Obtain the Sys ID of the Record

   • Open the ServiceNow record (e.g., Requested Item) containing the comment you need to edit.

   • Right-click on the header of the record.

   • Select "Copy sys_id". This unique identifier is crucial for the subsequent steps.

2. Modify the sys_journal_field Entry

   • In the ServiceNow application navigator, search for and open "sys_journal_field.list".

   • Apply a filter to find the specific comment entry. You can use the condition "Element ID | is | [your copied sys_id]".

   • If there are many entries, you can further refine your search by adding a condition like "Value | contains | [a unique part of the comment you want to edit]".

   • Once you locate the correct entry, open it.

   • Carefully edit the text within the "Value" field to remove or redact the sensitive information.

   • Click "Update" to save your changes. This table holds the current version of the comment.

3. Update the sys_audit Entry

   • In the ServiceNow application navigator, search for and open "sys_audit.list".

   • Apply a filter to find the audit entries related to the record. Use the condition "Document key | is | [your copied sys_id]".

   • You might need to add further conditions, such as "Field name | is | comments" or by looking for the sensitive information in the "Old value" or "New value" fields.

   • Open the relevant audit entry.

   • Carefully edit the "Old value" and "New value" fields to remove or redact the sensitive information that was present in the comment.

   • Click "Update" to save your changes. This step ensures the audit history also reflects the correction.

4. Delete the sys_history_set Record (Potentially)

   • In the ServiceNow application navigator, search for and open "sys_history_set.list".

   • Apply a filter using the condition "ID | is | [your copied sys_id]".

   • If a record is returned, you can delete it. This table groups related audit entries, and deleting it can sometimes help in ensuring the activity log rebuilds correctly. However, exercise caution as this might impact the broader history tracking for the record.

Why This Multi-Step Process is Necessary

The activity log displayed on a ServiceNow record often reconstructs its history by pulling information from these interconnected tables. By modifying the sys_journal_field entry, you update the current comment. Updating the sys_audit entry ensures the historical record is also corrected. Deleting the sys_history_set can sometimes be needed to force a refresh of the activity log display.

Alternative Solutions and Considerations

• Adding a Corrective Comment: Instead of directly editing the original comment, consider adding a new comment stating that a previous entry contained an error and providing the corrected information. This approach maintains the integrity of the audit trail while addressing the issue.

• Scripted Approach (Advanced): For recurring needs, administrators with scripting knowledge can develop a script to automate this process, taking the record's sys_id and the text to be removed as input. However, thorough testing is crucial for such scripts.

• Impact on Audit Trail: Be aware that directly modifying system tables can have implications for your audit trail. Ensure you understand your organization's policies regarding data correction and audit logs before proceeding.

Conclusion

While ServiceNow's activity log is designed for tracking and audit purposes, the need to correct mistakenly entered sensitive information can arise. By carefully following the multi-step process of modifying the sys_journal_field and sys_audit tables, ServiceNow administrators can effectively edit additional comments. Remember to prioritize caution, practice in a non-production environment, and consider the implications for your audit trail. As a next step, if you encounter a situation requiring the editing of an activity log comment, ensure you have the necessary administrative privileges and follow the outlined steps meticulously. Always back up your instance or take a snapshot before making direct data modifications.