Domain system properties and user preferences

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain system properties and user preferences

    This content explains how administrators can control domain scope in ServiceNow through system properties and user preferences, specifically in environments using domain separation. Domain separation restricts data and process visibility based on the domain of the records users interact with, enhancing data security and operational segregation.

    Show full answer Show less

    Domain System Properties

    New domain separation activations automatically enforce domain scope restrictions on related data and processes. When viewing a record, related data and applied processes are limited to that record's domain. Each browser tab maintains its own domain scope based on the opened record.

    Key system properties manage domain scope behavior:

    • glide.sys.domain.userecorddomainforprocesses: When true, restricts process execution scope (except business rules) to the record's domain. Default is true.
    • glide.sys.domain.userecorddomainfordata: When true, restricts data scope to the record's domain. Default is true for new activations from Fuji onward.

    If either of the above properties is true, some older properties controlling domain scope are ignored.

    Business rules executed on domain tables have special handling:

    • glide.sys.domain.skipdomaininsertbusinessrules: Determines domain scope for business rules on domain tables. In new activations (Jakarta and later), defaults to true, using the session domain to decide applicable business rules. Setting this to true improves domain insert performance.
    • glide.sys.domain.skipnonglobalbusinessruleifnodomain: When true, only business rules from the global domain execute for queries without domain context or on non-domain-separated tables, aligning with recommended practices.

    ServiceNow recommends always using the record’s domain for domain separation rather than the session domain to maintain best security practices.

    User Preferences

    Administrators can globally or individually configure user preferences affecting domain scope:

    • glide.domain.sessionscope: When true, users default to their session domain scope instead of the record’s domain. Default is false. Users with the domainexpandscope role can override this.
    • glide.domain.sessionscopenotification: Controls whether a visual notification appears when a record’s values include an expanded domain scope. Defaults to true (notification shown).

    Practical Impact for ServiceNow Customers

    By properly configuring these system properties and user preferences, administrators can ensure that domain separation works effectively, restricting data and business processes to the intended domain contexts. This enhances data security, optimizes performance (especially during domain inserts), and provides flexibility for users needing broader domain visibility within their roles.

    Administrators have access to properties and user preferences that control domain scope.

    Properties

    New activations of domain separation automatically restrict domain scope to the record's domain for all related data or processes. When the user views a record in a form, the record's related data (such as reference picker and related list data) and applied processes (such as business rules and client scripts) are restricted to the record's domain scope. If there are records in multiple tabs, each tab has its own domain scope based on the record opened within that tab. The following properties restrict domain scope to either the record’s domain and the user’s current session domain.

    Table 1. Domain system properties
    Property Details
    glide.sys.domain.use_record_domain_for_processes Restricts domain scope to the record's domain for all processes. This property does not apply to business rules. Business rules are always processed from the domain record.
    • Type: true | false
    • Default value: true
    • Location: System Property [sys_properties] table
    glide.sys.domain.use_record_domain_for_data Restricts domain scope to the record's domain for all data.
    • Type: true | false
    • Default value: true in new domain activations from Fuji onwards (upgrades from instances older than Fuji do not have this property in the table)
    • Location: System Property [sys_properties] table
    When either the glide.sys.domain.use_record_domain_for_processes or the glide.sys.domain.use_record_domain_for_data property is set to true, the following properties are not used, regardless of their setting:
    • glide.sys.domain.use_record_domain
    • glide.sys.domain.use_record_domain_for_client_scripts
    • glide.sys.domain.domain_change_notify
    • glide.sys.domain.no_change_roles
    For a full list of properties see Available system properties.
    Note:

    In new activations of domain separation starting with the Jakarta release, the session domain determines the business rules executed on the domain table. In previous versions, business rules executed on the domain table were set based on the newly created domain’s hierarchy. This behavior is modified by the glide.sys.domain.skip_domain_insert_businessrules property. Setting this property to true significantly improves domain insert performance.

    Table 2. Domain scope properties for business rules executed on the domain table
    Property Details
    glide.sys.domain.skip_domain_insert_businessrules Specifies the domain scope for business rules executed on the domain table. In new activations of domain separation, the property default is true and business rules are determined by the session domain. In existing implementations, the property default is false and the business rules are determined by the newly created domain’s hierarchy.
    • Type: true | false
    • Default value: True in new domain activations starting with Jakarta. False in existing implementations.
    glide.sys.domain.skip_non_global_businessrule_if_nodomain Ensures that only bus.rules from global domain are executed when using queryNoDomain() or when table is not domain-separated, so you can skip any other business rules
    • Type: true | false
    • Setting the property to false restores the old behavior and doesn't align with ServiceNow® recommended practices.
    • Recommended: Domain-separate your tables; always try to use the record's domain rather than the session domain.

    User preferences

    In addition, user administrators can set the following user preference globally or on a per-user basis:

    Table 3. Domain scope user preferences
    Preference Category Updated By Details
    glide.domain.session_scope Domain Admin Only When true, sets the default scope to the user's session domain rather than the record's domain. When false, the default scope is the record's domain. Users with the domain_expand_scope user role can still change the domain scope as needed.
    • Type: true | false
    • Default value: false
    glide.domain.session_scope_notification Domain Admin Only When true, displays a visual cue that record values include an expanded domain scope. When false, the notification is hidden.
    • Type: true | false
    • Default value: true