Hi experts

We use ServiceNow among other things as an interface for our customers. The customers only have access to the Service Portal. In the Service Portal, they can view information about their contracts and create and edit incidents. The top priority here is, of course, that no customer sees data from another customer.

For data separation, we rely on ACLs and Before Query Business Rules. These in turn call functions in a script include. The script include then returns the data that the user is allowed to access (A simple example: incidents where the user's company is stored). For users who have access to multiple customers, this query can create a long OR condition, which in turn has a negative impact on performance.

Basically, data separation works this way. However, since it is customized, we now want to look at out-of-the-box options and evaluate what is the best solution for our scenario.

One option we are investigating is Domain Separation. However, we are undecided if this is the right solution for us. For one thing, process separation has little to no demand for us. On the other hand, implementation in our already running system would be rather difficult.

What are your experiences regarding data separation and domain separation?
Do you have other solutions in use?
What do you recommend?

I am curious about your solutions.

Thanks and regards,

Dominik

Exciting articles related to data separation:

• https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/company-and-domain-separation/reference/domain-sep-landing-page.html
• https://community.servicenow.com/community?id=community_article&sys_id=bc90fa39db2f48145ed4a851ca9619f7
• https://community.servicenow.com/community?id=community_article&sys_id=926dea29dbd0dbc01dcaf3231f9619c3