Domain assignment

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain Assignment

    Domain separation in ServiceNow enhances data security by adding a domain field to tables and their extensions. While the system automatically applies domain separation to certain platform and baseline application tables, administrators can also extend it to new tables by adding a sysdomain field to their definitions. Caution is advised against domain-separating platform tables due to potential unexpected results.

    Show full answer Show less

    Key Features

    • Domain Assignment: Each record is assigned a single domain stored in the sysdomain field, derived from various factors such as the user's company, business rules, or form templates.
    • Automatic Inheritance: Records automatically inherit the domain of the user who creates them, as well as the domain of the parent record.
    • Assignment Methods: Users can be assigned to domains through their associated companies, business rules can set domain values, modules can use the sysparmdomain URL parameter, and form templates can be configured to assign domains automatically.
    • Restricted Tables: Certain tables are established as non-domain-separable, including Access Control and System Property tables, ensuring system integrity.

    Key Outcomes

    By implementing domain separation, ServiceNow customers can achieve enhanced data security and customized record management. Users benefit from automatic domain assignments that streamline record creation and management, while administrators gain flexibility in configuring domain assignments through various methods, ensuring a tailored approach to their organization's needs.

    By default, domain separation adds a domain field to tables and their extensions.

    You can also extend domain separation to any new tables you create by adding a sys_domain field to the table's dictionary definition. By default, the system only domain-separates platform and baseline application tables where appropriate.

    Warning:
    ServiceNow does not recommend domain-separating platform tables (any table with the sys_ prefix such as the Dictionary Entry [sys_dictionary] and Dictionary Entry Override [sys_dictionary_override] tables) because it can produce unexpected results.

    Each record is assigned a single domain. That domain is stored in the sys_domain field. Several tables, by default, have the sys_domain column and are already domain separated.

    The value of the sys_domain field contains the domain assigned to the record by any of the following:
    • Company to which the user belongs
    • Business rule when creating record
    • Module used when creating record
    • Form template used when creating record
    • Domain of the parent record
    • Domain assigned to User record
    • Domain of the user who creates it

    The system prevents the following tables from being domain separated:

    • Access Control [sys_security_acl]
    • Script Include [sys_script_include]
    • System Property [sys_properties]
    • Security Exclusion/Inclusion List Entities [sys_security_restricted_list]
    • Dictionary Entry [sys_dictionary]
    • Dictionary Entry Override [sys_dictionary_override]

    Assigning users to companies

    Administrators can quickly assign users to a domain by assigning them to a company. After users are assigned to a domain, records automatically inherit the user's domain.

    For example, assigning Bow Ruggeri to the ACME company automatically assigns him to the ACME domain. Assigning Don Goodliffe to the Initech company automatically assigns him to the Initech domain. Any records they create are automatically added to the appropriate domain.

    Using business rules to assign domains

    Administrators can use a business rule to automatically set a domain value when creating a record. The business rule must set a value in the sys_domain field. Administrators must ensure there is a sys_domain column available for the record's table. To learn more see Domain separation recommended practices for service providers.

    Using modules to assign domains

    Administrators can use the sysparm_domain URL parameter to automatically assign new records to a particular domain from a module. Administrators must create a module with an Argument value of: sysparm_domain=sys_ID of domain.

    Using form templates to assign domains

    Administrators can use a form template to automatically assign new records to a particular domain. Administrators must add the sys_domain field to the form and select a domain value. For example, setting the sys_domain field to TOP/ACME domain automatically assigns all records from this template to the TOP/ACME domain.

    Domain inheritance on tables

    By default, related records inherit the domain of the parent record. For example:

    • A change task record inherits the domain of the parent change request record.
    • A problem record inherits the domain of the parent incident record.

    Automatic domain assignment based on user domains

    If no other domain conditions apply, a record automatically inherits the domain of the user who creates it.