Domain Separation of the Service Catalog

Grant Shewan · ‎04-12-2017

We are using the ServiceNow in a domain separated environment, and have had a number of concerns from various regional teams using the solution, that the Service Catalog is not domain separated. The concern is that a catalog_admin from one region (e.g. Finland) can see the catalogs, categories, items and variables defined by the teams in NL and UK. As a 'Centre of Excellence' within a global MSP company, we understand their concerns, but also see that sharing this information may help in the long term, as one region can see how another region has defined certain aspects of their solution. However, their main concern is that one regions configuration may get changed by another, and even possibly deleted, as was the case in our Japan instance a short time ago.

I appreciate that the standard recommendation from SN is that we shouldn't add domain separation to any baseline tables, however, as a global MSP, we are possibly getting to the position where we have to reassess the impact of not doing this.

Is there anybody out there, preferably an MSP, who has added DS to the Service Catalog successfully?

Michael Fry1 · ‎04-12-2017

Just a thought, what if you gave them catalog_manager and/or catalog_editor roles instead of catalog_admin. What would they lose that they still need to do? They would then have a manager assigned to catalog items and editors who could also edit their items. There are modules in the Service Catalog app - My Catalogs, My Categories, & My Items.

Grant Shewan · ‎05-08-2017

Thanks for your reply Michael, however, the requirement stretches further than just categories and items. Your solution comes close, but we still have a problem where someone from one domain can edit/delete variables and variable sets that a catalog_manager/editor from a different domain has created - this is exactly what started us to look at domain separating the Service Catalog tables.

We did actually complete an exercise of domain separating the relevant tables, and we never experienced any issues with any scripts or background automation that we're not sure of, so all looked good - however, going on SN's advise not domain separate any baseline tables, we simply go couldn't go ahead with the change into production.

I'm sure we're not the first company (or MSP) who have come across this predicament?

brianmcgoughfro · ‎09-25-2017

Grant,

Did you move forward with adding Domain sep to the catalog and catalog item tables? We are hitting the same limitation you describe.

Thanks,

Brian

shivanipatel · ‎04-21-2017

Grant,

We are glad you were able to take advantage of the ServiceNow Community to learn more and to get your questions answered. The Customer Experience Team is working hard to ensure that the Community experience is most optimal for our customers.

If you feel that your question was answered, we would greatly appreciate if you could mark the appropriate thread as "Correct Answer". This allows other customers to learn from your thread and improves the ServiceNow Community experience.

If you are viewing this from the Community inbox you will not see the correct answer button. If so, please review How to Mark Answers Correct From Inbox View.

Thanks!