Application Scope in Domain Separation

Shalini Priya1 · ‎07-19-2018

Hi,

I would like to know whether a domain separated instance can contain multiple application scopes with the below criteria:

Here is a scenario :

I want to create domains like Domain A and Domain B. Can company B can have multiple applications with different application scopes and

1. Can Application 1(x_application1_scope) and Application 2 (x_application2_scope) under Domain B be able to share the data between these applications?

Eg: Can we give read access to both applications to view the records but not to edit the records.

2. As these 2 applications belong to Domain B it shouldn't share the data between Domain A. Is this possible to restrict? Can anyone help me understand the above domain separation & application scope criteria with prons and cons?

Daniel Draes · ‎07-19-2018

Hi shalinipriya,

good questions you raise here 🙂 Let me try to answer them.

Domain Separation and Application Scoping are two distinct features of the platform. While the both offer similar functionality to a certain extent they also serve two different purposes. At the same time both do not know each other.

As for your questions:

1) Your applications will not know anything related to domain. The configuration you make within these applications could be living in any of the domains. If you want to have them assossiacted to a bespoke domain you will need to manually take care to not make any configuration outside the domain you want this application to live in. Data that is generated by a user working in this application will though reside in the domain of that user when creating it (unless you create your own 'set domain' logic).

2) Data protection for records in Application Scope A or B is controlled by regular ACLs. You can define them as you need and thus protect access from other domains. The only additional mechanism you will gain by using an application scope is the Access Setting of the Application Scope itself where you can control if applications from another scope (not domain!) can access into your scope. So you could limit access from Application Scope A to B (in same domain) or C (in other domain).

Hope that helps.

Daniel

Andres Schwende · ‎12-14-2021

Hi Daniel,

Domain separation is unsupported for App Engine Studio:

https://docs.servicenow.com/bundle/rome-application-development/page/build/app-engine-studio/concept/aes-domain-sep.html

So how can I scope an application in a domain of a domain separated instance?

Thanks for clarification

BR

Andres

Daniel Draes · ‎12-14-2021

You cannot really scope an application. Applications are a platform feature, with that any application on the instance will be available to all domains - based on authorizations.

However, you can make applications domain aware by creating a domain column. With that you allow different views based on the domain of the current session.

In above scenario the Application 1 and 2 will be available to all domains on that instance. If Application 1 has a data table including a column domain, then records in that table will be filtered to the current users domain when reading records from that table.

Hope that makes sense.