- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-11-2014 11:41 PM
Hi,
I have a query regarding report generation in Domain Separated instance.
Scenario is this.
I have say field1 created for domain1
&
I have field2 created for domain2.
When a domain 1 user , runs a report he can see the field2 listed for reporting. Is there a way to prevent field2 from being listed when a domain1 user runs a report.
Although ServiceNow prevents user from seeing the domain1 user from seeing domain2 records, it would be good if the fields which are not applicable is not shown for reporting.
Any pointers or suggestions will be greatly appreciated.
Regards,
Mahira
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2014 11:50 AM
DO NOT separate the dictionary table.
The only way to do this is by having a security role that you assign to each domain, and designate visibility to the domain-specific fields to that particular role.
Example: new role called "itil_domain1" and apply a security role on "field1/read" operation requires "itil_domain1" role.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-11-2014 11:49 PM
OOB Servicenow does not provide Domain field on sys_domain field. If you add this field on this table and set the correct domain, you should not have this issue. I am not sure why Servicenow has not created Domain seperation on Dictionary table. I will not recommend this and I would suggest you check for impact and Servicenow HI support guidance.
Regards,
Bhavesh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2014 11:50 AM
DO NOT separate the dictionary table.
The only way to do this is by having a security role that you assign to each domain, and designate visibility to the domain-specific fields to that particular role.
Example: new role called "itil_domain1" and apply a security role on "field1/read" operation requires "itil_domain1" role.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2014 10:43 PM
Hi Valor,
This worked. Only thing I worry now is will there be any performance issue with too many Access Controls for a given table?
Regards,
Mahira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2014 07:01 PM
ACLs are cached, so as long as you don't go crazy (1000s), you should be okay.
Just make sure you're doing "simple" ACL operations, like "requires role" -- this will reduce the compute overhead.