Domain separation and Cloud Provisioning and Governance

  • Release version: Australia
  • Updated March 12, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain Separation and Cloud Provisioning and Governance

    Domain separation in Cloud Provisioning and Governance allows for the logical grouping of data, processes, and administrative tasks into distinct domains. This feature lets Service Providers (SPs) control data visibility and access based on user roles, ensuring that only authorized users can access specific data within their domains. The application supports runtime domain separation, which is crucial for managing multiple customers efficiently.

    Show full answer Show less

    Key Features

    • Data Segregation: SPs can separate data for multiple customers, ensuring relevant customer data remains contained within their respective domains.
    • Domain Assignment: User accounts must be assigned to a specific company domain, ensuring that all related entities, such as cloud accounts and service accounts, reside in the same domain.
    • Visibility Control: Users can only view records within their domain or child domains, maintaining data privacy across different customers.
    • Plugin Activation: Essential plugins such as Domain Support and Service Catalog Domain Separation must be activated for domain separation functionality.
    • Customizable Views: Domain and Domain Path fields can be added to list views by domain admins for better data management.

    Key Outcomes

    Implementing domain separation enhances data governance and security for SPs by ensuring that each customer's data is appropriately isolated. This setup allows for tailored service offerings while maintaining a clear hierarchy of data access. Users will only see and manage data relevant to their assigned domains, increasing operational efficiency and compliance.

    Domain separation is supported in Cloud Provisioning and Governance. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can control several aspects of this separation, including which users can see and access data.

    Support level: Basic

    • Business logic: Ensure that data goes into the proper domain for the application’s service provider use cases.
    • The application supports domain separation at run time. The domain separation includes separation from the user interface, cache keys, reporting, rollups, and aggregations.
    • The owner of the instance must set up the application to function across multiple tenants.

    Sample use case: When a service provider (SP) uses chat to respond to a tenant-customer’s message, the customer must be able to see the SP's response.

    For more information on support levels, see Application support for domain separation.

    Cloud Provisioning and Governance domain separation overview

    All tables in Cloud Provisioning and Governance are not domain separated. Delegated domain separation is not supported.

    Domain separation for Cloud Provisioning and Governance supports:

    Service Providers (SPs) using the application to provide data separation.
    In this scenario, SPs can provide data separation to multiple customers, where domains are necessary to contain all relevant customer data and processes. For example, an SP provides support to customers who typically use Cloud Provisioning and Governance to manage their IT infrastructure on the cloud. SPs can provide catalogs, template profiles, resource pools, and filter, resource profiles, quotas, permissions, IP address management (IPAM), lease and business hours scheduling, and a view to billing, as domain-separated offerings to their customers.

    How domain separation works in Cloud Provisioning and Governance

    Domain separation for Cloud Provisioning and Governance aligns one or more companies to a domain. To use domain separation with the application, assign all user accounts to a specific company associated with that domain.

    All entities that are related to the company, such as cloud accounts and service accounts, are created in the same domain as the company. When a new company is created, create a domain with a unique name and assign it to the company. All related entities for an account, such as contacts and cases, must reside in the same domain. When you create a related entity for a domain-separated account, the entity is assigned to the company domain.

    Members of a domain can only view the data that is contained within their domain or child domains that are lower in the domain hierarchy. By default, all users and all records are members of the global domain unless you assign them to a particular domain. Once you assign a user or a record to a domain, the instance compares the user's domain to the record's domain to determine whether the user can view the record.

    Service Providers (SPs) use domain separation to segregate data for each customer. Users in a given domain can only view the data in their own domains or in child domains. SPs typically control the top-level domain, which allows them to view data that is associated with all domains. Don't delegate administration to cloud admin users of the child domains in Cloud Provisioning and Governance.

    Set up domain separation for Cloud Provisioning and Governance

    Ensure that you activate the following plugins:
    Domain Support - Domain Extensions Installer plugin (com.glide.domain.msp_extensions.installer) to enable domain separation in Cloud Provisioning and Governance
    Service Catalog - Domain Separation plugin (glideapp.servicecatalog.domain_separation) to enable separation of catalog items in different domains in Cloud Provisioning and Governance

    Changes to Cloud Provisioning and Governance tables

    Domain separation for Cloud Provisioning and Governance adds the Domain and Domain Path fields to the list views. These fields are not exposed by default. As a domain admin you can customize lists and forms to view these fields. Not all tables in Cloud Provisioning and Governance are domain separated. While some top-level tables are domain separated, several child tables are not domain separated. However, this does not impact how the Cloud Provisioning and Governance application works in a domain-separated context.

    Account domains and related entities

    When you create related entities for an account, the domain for the related entities is set to the account domain.

    Domain visibility for cloud administrators and users

    Manually assign users with the Cloud User Portal (sn_cmp.cloud_service_user) roles and Cloud Admin Portal (sn_cmp.cmp_root_admin) roles for each domain to the TOP/MSP/Default/Company or leaf domain. Domain administrators and users in Cloud Provisioning and Governance can only view data in the domain that they are created in, until they are assigned to the TOP domain. The Top domain represents a single common parent domain, which acts as a single parent node, for the Service Provider domains.

    Next Steps

    For more information on creating, implementing, and maintaining domain separation for Cloud Provisioning and Governance services in the instance you are setting up for your customers, see Domain separation in Cloud Provisioning and Governance - considerations for service providers.