Sie sind auf Seite 1von 2

Domain separation

Domain separation is a way to separate data into logically-defined domains.


Why to use Domain Separation?

Enforce absolute data segregation between business entities (data


separation).
Customize business process definitions and user interfaces for each
domain (delegated administration).
Maintain some global processes and global reporting in a single instance
of ServiceNow.

Domain separation is extremely well-suited for Managed Service Providers


(MSPs) and global enterprises with unique business requirements in various
areas of the world. Domain separation replaces Company Separation.
This functionality is not available by default. You have to consult and request for
Domain Separation plugin from HI portal.
Members of one domain can only see the data contained within their domain or
the child domains that are lower in the domain hierarchy.
By default, all users and all records are members of the global domain unless an
administrator assigns them to a particular domain.
Once you assign a user or a record to a domain, the instance compares the
user's domain to the record's domain to determine whether the user can view
the record.

Global

All user can see records available in global domain

Domai
nA

Domai
nB

Users in domain A can see records for Domain A, A1 and A2. He will not have access to
Domain B and B1

Domai
Domai
Domai
User in Domain A1 will only have visibility for records in demain A1 and not on any other
n A1
n A2
n B1
domains(except Global domain). All users have visibility of their domain and Child domians
along with Global domains. They will not have visibilty of any other domains

By default, domain separation adds a domain field to the Task [task] and
Configuration Item [cmdb_ci] tables and their extensions. You can also extend
domain separation to any new tables you create by adding a sys_domain field to
the table's dictionary definition
SeviceNow does not recommend domain separating platform tables such as the
Dictionary Entry [sys_dictionary] and Dictionary Entry Override
[sys_dictionary_override] tables because doing so can produce unexpected
results.
Starting with the Fuji Release, the system prevents the following tables from
being domain separated:

Access Control [sys_security_acl]


Script Include [sys_script_include]
System Property [sys_properties]
Security Black/Whitelist Entities [sys_security_restricted_list]
Dictionary Entry [sys_dictionary]
Dictionary Entry Override [sys_dictionary_override]

It is recommended that administrators do not domain separate these tables for


versions prior to the Fuji release