Can't assign an incident to an individual because of Record Scope (Domain Sep)

robpresland · ‎03-03-2025

We're having an issue with incident assignment in a domain separated instance. Maybe you can help.

We have 2 domains, say C and M. C is a customer domain, and M is an MSP domain, providing support to C. M contains C so that it can see everything. C users are created in the C domain, and M users are created in the M domain. Support groups are at global (so both can see them).

If an incident is opened for a C user, it is in the C domain. When a M user views/updates the incident, the record scope is active, so while a M user can assign the incident to a group (because groups are global), the M user cannot assign to a group member if all group members are M users, because the C domain can't see the M domain.

We believe our domain setup is correct to meet C and M security requirements.

M users can use the toggle domain scope (uses session scope) if we give them the role, which allows the M user to assign the incident to an M user. However, toggling the domain scope for every incident is annoying and slows down M users. We thought of creating a display business rule with a script so that the default when viewing/updating an incident is the expanded (session) scope not the record scope.

Are there any other solutions or options that we should be considering?

Thanks in advance.

Kieran Anson · ‎03-03-2025

You could look to change the following system property and revert to "legacy" domain behaviour.

glide.sys.domain.use_record_domain_for_data

The following properties are then used (they're ignored if the above property is set to true) to control more granular behaviour.

glide.sys.domain.use_record_domain

glide.sys.domain.use_record_domain_for_client_scripts

glide.sys.domain.domain_change_notify

glide.sys.domain.no_change_roles

View solution in original post

Kieran Anson · ‎03-03-2025