Tickets tagging across domains

dwef
Tera Contributor

Hi ,
If shared data user created the ticket in A customer domain and they are able to attach the B customer domain tickets in Related list and related records

Kindly provide me the solution how to restrict this ASAP as these are afftecting many customers.

6 REPLIES 6

Can anyone please help me with the script to restrict other domain tickets visible in related records and related lists of A domain for a shared data user ?

It is affecting many customers please help asap.

Shubham_Jain
Mega Sage

To address this issue, where users from customer A can attach tickets from customer B to the related list or related records, you can implement domain separation and set proper access controls in ServiceNow.

 

Here’s a solution:

 

 

  • Domain Separation: Ensure that domain separation is correctly configured. ServiceNow provides domain separation to keep data segregated by customer. This helps restrict access to data across different customers.

    • Check domain settings: Ensure that each customer is assigned to their respective domains (Customer A in Domain A, Customer B in Domain B).
    • Restrict domain data sharing: Make sure data sharing is restricted between domains, unless explicitly allowed.
  • Access Control Rules (ACLs): You should create or update ACLs for the related records or related list table (such as the task table for incidents, problems, etc.) to restrict access between domains.

    • For example, on the [task] table, create ACLs to ensure that records from one domain (Customer A) cannot view or interact with records from another domain (Customer B).
    • The ACL should include conditions to check if the record belongs to the same domain as the current user's domain.
    • Condition: current.domain != gs.getUser().getDomainID()
      Script: gs.addErrorMessage("You are not authorized to view or link records from other domains.");
      answer = false;
  • Related Lists Configuration: Ensure the related list configuration only shows records relevant to the current domain. You can control this by setting domain filters in related lists.

  • Cross-scope access (If applicable): If cross-domain scripting or scoped apps are being used, make sure cross-scope access is restricted by properly configuring permissions between the two scopes.

Validation is important:

 

  • Test with users from both domains to ensure that Customer A users cannot see or attach Customer B’s records and vice versa.
  • Validate that the issue is resolved across different user roles and domains.

 

 

 

 

✔️ If this solves your issue, please mark it as Correct.


✔️ If you found it helpful, please mark it as Helpful.



Shubham Jain