ServiceNow – Enforcing One-to-One Relationship Between SIR and Digital IT

Scenario
You need to ensure a one-to-one relationship between Security Incident Records (SIR) and Digital IT records in ServiceNow — meaning:
- Each SIR can be related to only one Digital IT record.
- Each Digital IT record can be related to only one SIR.

This relationship must be enforced at the data model and UI levels.

------------------------------------------------------------
1. Define a Custom Relationship Type
------------------------------------------------------------
1. Navigate to: Configuration → Relationships → CI Relationships Types.
2. Create a new relationship type, for example:
- Parent Class: Security Incident (sn_si_incident)
- Child Class: Digital IT Service (cmdb_ci_service_digital)
- Name: Secures / Secured By
3. Ensure both classes are correct for your environment.

This defines the logical link between the two record types.

------------------------------------------------------------
2. Enforce One-to-One Cardinality (Business Rule)
------------------------------------------------------------
ServiceNow does not enforce one-to-one relationships natively, so use a Business Rule to restrict creation of additional relationships.

Table: cmdb_rel_ci
When: Before Insert
Condition: type.name = your relationship type name

Example Business Rule Script:

(function executeRule(current, previous /*null when async*/) {
// Check existing relationships from the SIR side
var relFrom = new GlideRecord('cmdb_rel_ci');
relFrom.addQuery('parent', current.parent);
relFrom.addQuery('type.name', 'Secures'); // Replace with your relationship name
relFrom.query();
if (relFrom.hasNext()) {
gs.addErrorMessage('A Security Incident can be related to only one Digital IT record.');
current.setAbortAction(true);
return;
}

// Check existing relationships from the Digital IT side
var relTo = new GlideRecord('cmdb_rel_ci');
relTo.addQuery('child', current.child);
relTo.addQuery('type.name', 'Secures');
relTo.query();
if (relTo.hasNext()) {
gs.addErrorMessage('A Digital IT record can be related to only one Security Incident.');
current.setAbortAction(true);
return;
}
})();

This rule aborts any insertion if a relationship already exists on either side.

------------------------------------------------------------
3. Optional – Add a Client Script or UI Policy
------------------------------------------------------------
To enhance UX, you can hide or disable the “Add Relationship” option when one already exists.

Example Client Script (onLoad):

function onLoad() {
var sir = g_form.getValue('sys_id');
var ga = new GlideAjax('RelationshipCheckUtils');
ga.addParam('sysparm_name', 'hasExistingDigitalIT');
ga.addParam('sysparm_sir', sir);
ga.getXMLAnswer(function(resp) {
if (resp == 'true') {
g_form.setReadOnly('digital_it_reference_field', true);
g_form.showFieldMsg('digital_it_reference_field', 'This Security Incident already has a Digital IT link.', 'info');
}
});
}

------------------------------------------------------------
4. Script Include for Relationship Check
------------------------------------------------------------

var RelationshipCheckUtils = Class.create();
RelationshipCheckUtils.prototype = Object.extendsObject(AbstractAjaxProcessor, {
hasExistingDigitalIT: function() {
var sir = this.getParameter('sysparm_sir');
var gr = new GlideRecord('cmdb_rel_ci');
gr.addQuery('parent', sir);
gr.addQuery('type.name', 'Secures');
gr.query();
return gr.hasNext();
}
});

------------------------------------------------------------
5. Testing
------------------------------------------------------------
- Try linking multiple Digital IT records to one SIR → should be blocked.
- Try linking one Digital IT record to multiple SIRs → should be blocked.
- One-to-one link → allowed.

------------------------------------------------------------
Summary
------------------------------------------------------------
✅ To establish and enforce a one-to-one relationship:
1. Create a custom relationship type between SIR and Digital IT.
2. Add a Before Insert Business Rule on cmdb_rel_ci to block duplicates.
3. Optionally, add a Client Script or UI Policy for a better user experience.
4. Maintain integrity via a reusable Script Include for checks.

This ensures strict one-to-one data integrity between Security Incident and Digital IT service records.