Need help Domain Separation concept for Data Separation

shaik_irfan
Tera Guru

Hi,

We have activated Domain Separation Plugin, currently we have 5 domains where i created 5 domains now i need to separate the Users & Data. Can anyone please help me the best practice and suggestion how to separate without any issue

1 ACCEPTED SOLUTION

Ganesh Bhat
ServiceNow Employee
ServiceNow Employee

Hi Shaik,

I have been involved in domain separation of one of the servicenow application, hence I understand the difficulties and what we need to know while domain separating an application.
Some of these things are learnt by extensive research, trial and error, which is hard to find. 

So, here is the best way to get started about it.

 

1. All you need to know about domain separation and how to do it is documented as step by step developer guide.

https://developer.servicenow.com/app.do#!/training/article/app_store_learnv2_domainseparation_madrid...

This will take you through the domain separation concepts and exercises and help you achieve it easily.

  

All you need to do to ensure domain is these 7 things

1. Install domain separation plugin ( com.glide.domain.msp_extensions.installer )

2. Setting up domains and users

Same as what someone else already pointed out, do these

a. Create Domain and Domain hierarchy ( set right parent domain - explained in the document provided above )

b. Create Company for each domain ( 1-1 mapping )

c. Create users and assign a company ( consider this as domain )

3. Check if table of interest is domain separated

var gr = new GlideRecord('sn_cmp_bp_cat_item');
gs.info(gr.isValidField(‘sys_domain’));

this will print true, if table is domain separated ( in case if table that current table extends is already domain separated )

4. If your application uses catalog, install domain separation for catalog ( servicecatalog.domain_separation )

5. You must update the dictionary to domain separate the tables.

while developing, you can use below script to domain separate any table of your choice and test the behaviour.

insertDomain('sn_cmp_order');//table of your interest here

function insertDomain(tableName) {
	var gr = new GlideRecord('sys_dictionary');
	gr.initialize();
	gr.setValue('name', tableName);
	gr.setValue('element', 'sys_domain');
	gr.setValue('internal_type', 'domain_id');
	gr.setValue('column_label', 'Domain');
	gr.setValue('default_value', 'global');
	gr.setValue('max_length', 32);
	gr.update();
}

 

Typically you need not do anything in additional to adding sys_domain column, if you are not manipulating data using scheduled job.

The domain of the user who created is used for records too.

 

6. In domain separation behaviour, there are 2 more important concepts ( Process and Data )

We use an attribute called sys_override, which makes any table content as process, this reverses the visibility of the data.

For example. ( see how visibility got reversed )

Data

  • Users in parent domain can see children domain data
  • Users in children domain can’t see parents data
  • Everyone can see global

Process

  • Users in child domain can see parent domain data
  • Users in parent domain can’t see child data
  • Everyone can see global
  • User in global cant see the data from child domains, they will have to do expand domain scope
  • Allows you to create a process record at child domain level and mark it as it overrides the parent domain record.


Business rules, workflows, policies ( anything which can be related to execution unit, can be considered as process )

When i find some time, i will post a script make any table as process. 

You will also need to understand following concepts ( which are explained in the document reference i provided above )

  • Visibility domain
  • Contains domain

 

7. If your application involves mid server etc, then there are other considerations.

Hope this will help you get started with domain separation for your application.

 

View solution in original post

5 REPLIES 5