Data separation: Enables tenants of the domain to see only data that they have permissions to see.
- Users, including the customer accounts that are used for integrations, see only the data in the domains they have permission to access.
- Customers, agents, and fulfillers see data that pertains to the customers and organizations that they support.
UI separation: Supports a tenant-specific experience for UI elements such as views, lists, labels, and so on.
- You can override the browser-based user interface, including application menus, lists, forms, and dashboards.
Logic separation: Creates tenant-specific system policies such as email notifications, business rules, client scripts, UI policy, and UI actions.
Hierarchical modeling: Nests your multiple tenants so that parent tenants can access child tenant resources. Business logic for parent tenants runs automatically for child tenants, which you can override at any level.
You can't separate some global standards and properties, such as system properties and table schema, per tenant.
User records are assigned a domain value that represents the user’s home domain. Users have no access to data in parent domains, peer domains, or domains in other branches of the hierarchy.
Process Flows down (Parent's flow is inherited to child domain)
Data flows up (Child's data can be accessed by parent domain)
Tasks and users without a domain are placed in the default domain automatically when you create or update domains. You can override that action by either clearing the Default option on this record or selecting the Default option on another domain record. If you have not set a default domain yet, tasks and users with no domain move to the global domain.
Global records are available to all users of the instance unless they are restricted by security configurations.
- Use the default domain to make sure that records do not end up in the global domain on tables that should never have global records.
- Instance owners must then triage the records in the default domain and move them to the correct domain.
