Domain Sepa

Mahira
Tera Guru

Hi,

I have a query regarding report generation in Domain Separated instance.

Scenario is this.

I have say field1 created for domain1

&

I have field2 created for domain2.

When a domain 1 user , runs a report he can see the field2 listed for reporting. Is there a way to prevent field2   from being listed when a domain1 user runs a report.

Although ServiceNow prevents user from seeing the domain1 user from seeing domain2 records, it would be good if the fields which are not applicable is not shown for reporting.

Any pointers or suggestions will be greatly appreciated.

Regards,

Mahira

1 ACCEPTED SOLUTION

Valor1
Giga Guru

DO NOT separate the dictionary table.


The only way to do this is by having a security role that you assign to each domain, and designate visibility to the domain-specific fields to that particular role.



Example: new role called "itil_domain1" and apply a security role on "field1/read" operation requires "itil_domain1" role.


View solution in original post

4 REPLIES 4

Bhavesh Jain1
Giga Guru

OOB Servicenow does not provide Domain field on sys_domain field. If you add this field on this table and set the correct domain, you should not have this issue. I am not sure why Servicenow has not created Domain seperation on Dictionary table. I will not recommend this and I would suggest you check for impact and Servicenow HI support guidance.



Regards,


Bhavesh


IGate-logo.png


http://www.igate.com


Valor1
Giga Guru

DO NOT separate the dictionary table.


The only way to do this is by having a security role that you assign to each domain, and designate visibility to the domain-specific fields to that particular role.



Example: new role called "itil_domain1" and apply a security role on "field1/read" operation requires "itil_domain1" role.


Hi Valor,


This worked. Only thing I worry now is will there be any performance issue with too many Access Controls for a given table?



Regards,


Mahira


ACLs are cached, so as long as you don't go crazy (1000s), you should be okay.



Just make sure you're doing "simple" ACL operations, like "requires role" -- this will reduce the compute overhead.