Domain Separation with local domain admin rights ?

shparkyeg · ‎10-27-2014

Is it possible, when domain separation plugin enabled, to have a specific "domain administrator" role? Like allowing user to create Business rules, Client scripts, Ui Policies etc. only in terms and related his domain, without having access and impact at another domains and their data ? I Believe we can manually determinate such role, but it will take a lot of efforts, and testing, especially in security and visibility area... ="\
Well, basically i want to have and admin roles, with privileges related only particular domain, in addition to global admin. So, can somebody share your experience with such case? Or, may be i am missing something, and ServiceNow already contains such functionality?)

Thanks,
Dzmitry

Michael Fry1 · ‎10-28-2014

OOB Business rules and client scripts are only available to admin role. If you gave a user in a lower domain the admin role, they would have access to existing business rules in the global domain, their parent domain but not rules in other domains. However, they will still be able to create rules in other domains, just not modify them.

It would be a lot of work to give a user domain admin to just their domain.

shparkyeg · ‎10-29-2014

Thanks for your reply,
Yeh, that's exactly what i am thinking about, but hoping, that i am missing something, and there are already existing functionality,or there is a simly solution, which i cant see =\
Life is Pain

jagmjavier · ‎12-05-2014

Hi,

you can create a new Admin user and set up its domain to the domain that you want. This admin will not be allowed to change to parent domains or brethren. It just can set up to offspring domains or global's one.

You can try creating one admin and setting up its domain to the last one in the hierarchy. You will see it cant set up BR to other domains than itself.

Regards