Domain separation and Skills Management

  • Release version: Yokohama
  • Updated January 30, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain separation and Skills Management

    Domain separation is fully supported in the Skills Management application as of the Yokohama release. It allows you to segregate data, processes, and administrative tasks into distinct logical groupings called domains. This ensures that users see and interact only with the data relevant to their assigned domain, enhancing data security and organizational clarity. The setup requires no explicit configuration within the Skills Management app, but the instance owner must configure the application to operate across multiple tenants.


    Key Features

    • Comprehensive Domain Separation: Applies to all app features, including user interface, cache, reporting, rollups, and aggregations.
    • Data and Logic Isolation: Ensures that skills, skill categories, and skill levels are created and managed within specific domains, including the global domain.
    • Role-Based Access Control: Users with roles in the Skills Management app can only view skill data within their assigned domain or its parent domains.
    • Domain Columns in Skill Tables: All skill-related base tables include Domain and Domain Path columns to identify the domain ownership of each record.
    • Support for Multi-Tenant Use Cases: For example, service providers can respond to tenant customers while maintaining appropriate data separation.

    Important Practical Details for ServiceNow Customers

    • Users must belong to the appropriate domain to view or manage skill records; parent domain users can access child domain data.
    • Creating or associating skills on behalf of users requires that the Skill Manager and the user share the same domain.
    • When integrating with external applications, Skill Managers need to belong to the domain of those applications to associate related records.
    • The domain associated with a specific skill record determines its behavior and how reference fields function.
    • If the Domain column is not visible in skill tables, it can be added via the Update Personalized List option for better domain visibility and management.

    Domain separation is supported in the Skills Management app and is configured to apply to all features of the application. Separation of data is configured together with separation of logic and process.

    Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can then control several aspects of this separation, including which users can see and access data.

    Support level: Basic

    • Business logic: Ensure that data goes into the proper domain for the application’s service provider use cases.
    • The application supports domain separation at run time. The domain separation includes separation from the user interface, cache keys, reporting, rollups, and aggregations.
    • The owner of the instance must set up the application to function across multiple tenants.

    Sample use case: When a service provider (SP) uses chat to respond to a tenant-customer’s message, the customer must be able to see the SP's response.

    For more information on support levels, see Application support for domain separation.

    How domain separation works in Skills Management

    Domain separation is supported in Skills Management with no explicit setup or configuration requirements. Skills, skill categories, and skill levels can be created in separate domains, including the global domain. When domain separation is implemented, people with skill app roles can view skill information only in their assigned domain. Domain and Domain Path columns are available for all Skill tables provided with the base system. The Domain column contains the name of the domain to which the record belongs, and the Domain Path column contains the unique domain identifier.

    Table name              Description
    sys_user_has_skill      User skill information
    cmn_skill               Main skill table
    cmn_skill_category      Define skill categories
    cmn_skill_level_type    Define skill level type
    cmn_skill_level         Define skill level
    sys_group_has_skill     Group skills
    cmn_skill_contains      Define skills contained within skills
    task_m2m_skill          Task skill information

    Note:
    If the domain column is not shown, click the Update Personalized List icon and add the required column. You can also add the domain path column, if desired.
    Use cases:
    • A Skill Manager who belongs to the Acme domain creates a skill and wants to view it and associate it with a user in the Acme domain. A user must belong to the Acme domain, its parent domain, or the global domain to view the skill record.
    • A Skill Manager who belongs to a parent domain tries to view a skill in a child domain. The user of a parent domain can view a skill record of the parent as well as all child domains of that parent.
    • A Skill Manager who belongs to a parent domain wants to create or associate a skill on behalf of another user in the Acme domain. A user must belong to the same domain as the user for whom the skill record is created.
    • A Skill Manager wants to associate a record for an integrated application in the Acme domain. A user must belong to the domain of the integrated application from which a record is associated.
    • A Skill Manager has access to multiple domains but wants to update a record with content within a specific domain. The domain specified for the current record drives the functionality of that record and reference fields.
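
    The first three use cases, modelled as a check you can run over exported skill associations to find rows that cross a tenant boundary. This is an added example, not ServiceNow code or the platform's enforcement logic; the domain tree (other than Acme), the row shape and all function names are constructed for illustration.

```javascript
// Constructed domain tree, child -> parent. "Acme" is from the use cases
// above; "MSP", "Acme East" and "Initech" are made up for this example.
const PARENT = new Map([
  ['MSP', null], ['Acme', 'MSP'], ['Acme East', 'Acme'], ['Initech', 'MSP'],
]);
const GLOBAL = 'global';

// A domain followed by each of its parent domains, nearest first.
function selfAndAncestors(domain) {
  const chain = [];
  for (let d = domain; d != null; d = PARENT.get(d)) chain.push(d);
  return chain;
}

// Use cases 1 and 2: the viewer belongs to the record's domain, one of its
// parent domains, or the global domain. Who can see a record owned by the
// global domain is not covered by the use cases; the sample has no such row.
function canViewSkill(viewerDomain, skillDomain) {
  return viewerDomain === GLOBAL ||
    selfAndAncestors(skillDomain).includes(viewerDomain);
}

// Use case 3: creating or associating a skill on behalf of a user requires
// the Skill Manager to belong to the same domain as that user.
function canAssociateFor(managerDomain, userDomain) {
  return managerDomain === userDomain;
}

// Returns the ids of rows that break either rule. Each row stands for a
// sys_user_has_skill record with the domains of the user, the skill and the
// Skill Manager who created it already resolved (assumed export shape).
function auditAssociations(rows) {
  return rows
    .filter(r => !canViewSkill(r.userDomain, r.skillDomain) ||
                 !canAssociateFor(r.createdByDomain, r.userDomain))
    .map(r => r.id);
}

// Constructed sample rows.
const SAMPLE_ROWS = [
  { id: 'row1', userDomain: 'Acme', skillDomain: 'Acme', createdByDomain: 'Acme' },
  { id: 'row2', userDomain: 'Acme', skillDomain: 'Acme East', createdByDomain: 'Acme' },
  { id: 'row3', userDomain: 'Initech', skillDomain: 'Acme', createdByDomain: 'Initech' },
  { id: 'row4', userDomain: 'Acme', skillDomain: 'Acme', createdByDomain: 'MSP' },
];

console.log(auditAssociations(SAMPLE_ROWS)); // [ 'row3', 'row4' ]
```

    row3 links a user to a skill owned by a sibling tenant, and row4 was created by a Skill Manager in the parent domain rather than the user's own domain.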