What stops a Service-now admin with privileged access from giving themselves the role that is allowed to encrypt/decrypt?
• A user with admin access could grant himself or other users the role associated with the encryption context as this is how encryption contexts are assigned. If desired, addition measures could be added by the customer or Service-now professional services such as sending an email to an appointed “encryption manager” whenever a role associated with an encryption context is granted to a user, etc.