- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi everyone,
I’m currently preparing for the ServiceNow CAD exam and have been exploring different study resources such as the developer docs, learning modules, and hands-on practice in my personal instance. Recently, I’ve started focusing more on real-scenario questions to strengthen my understanding of application design, data modeling, and best practices.
One scenario I’ve been practicing:
If you are building a custom application that needs to manage multiple related records with strict security controls, what’s the best approach to ensure proper data separation and performance? Should you use multiple related tables, create a scoped application with custom ACLs, or rely on platform encryption and delegation?
If anyone who has already cleared the CAD exam or has experience designing custom applications can share insights, it would be really helpful. Any practical advice or best practices would support my preparation journey.
Thank you!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hello — thanks for opening this discussion.
From experience and what’s generally considered best practice: it’s usually best to design separate tables under a scoped application and enforce granular ACLs (table- and field-level) for strict data separation and security. This approach gives you clear boundary control (who sees what), avoids mixing different record types in one table, and keeps performance and data integrity manageable. Additional measures like encryption or delegated data access are helpful but should be considered complements — not replacements — to good schema design and ACL strategy.
Good luck with your studies, and happy to discuss further scenarios if you like.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hello — thanks for opening this discussion.
From experience and what’s generally considered best practice: it’s usually best to design separate tables under a scoped application and enforce granular ACLs (table- and field-level) for strict data separation and security. This approach gives you clear boundary control (who sees what), avoids mixing different record types in one table, and keeps performance and data integrity manageable. Additional measures like encryption or delegated data access are helpful but should be considered complements — not replacements — to good schema design and ACL strategy.
Good luck with your studies, and happy to discuss further scenarios if you like.
