Domain separation explained
Summary of Domain Separation Explained
Domain separation allows for the segregation of application data, user interface (UI), and business logic within a single ServiceNow instance. This capability enhances efficiency, security, and performance for various customer tenants while supporting specific hierarchical structures. However, it also introduces management complexities and cannot separate certain global standards.
Key Features
- Data Separation: Ensures that tenants can only access data they are authorized to view, enhancing data security.
- UI Separation: Creates a tailored tenant-specific user experience by customizing UI elements like menus and dashboards, while retaining core process logic.
- Business Logic Separation: Allows for the creation of tenant-specific policies, such as notifications and business rules.
- Hierarchical Modeling: Supports nested tenant structures, enabling parent tenants to manage child tenants and their resources.
- Cross-Tenant Intelligence: Facilitates automatic handling of data and business logic across tenants with shared access.
Key Outcomes
Implementing domain separation enables service providers to efficiently and securely manage a multitenant architecture. This leads to improved governance, centralized administration, and the ability to customize services for individual clients. By adhering to best practices, organizations can maximize the benefits of domain separation while ensuring robust process standards and data integrity.
With domain separation, you can segregate application data, UI, and business logic, such as rules or workflows, in a single customer instance. Separating these elements into logically defined domains supports specific hierarchies for all customers using your applications.
Domain basics
Domain separation, also known as ServiceNow multitenant platform architecture, adds considerable overhead to the management of an instance. Used correctly, though, it can improve efficiency, add greater security, and increase the performance of your customers' instances.
You can't separate some global standards and properties, such as system properties and table schema, per tenant.
Before you start separating domains, read the following guidelines.
What you can do with domain separation
- Data separation: Enables tenants of the domain to see only data that they have permissions to see. Tenants can be granted access to other tenant data but can't query tenant data that they don't have access to.
  - When you update data records, they do not generate Update Set records.
  - Users, including the customer accounts that are used for integrations, see only the data in the domains they have permission to access.
  - Customers, agents, and fulfillers see data that pertains to the customers and organizations that they support.
- UI separation: Supports a tenant-specific experience for UI elements such as views, lists, labels, and so on.
  - You can override the browser-based user interface, including application menus, lists, forms, and dashboards. You can also customize them for a specific domain or set of domains while preserving your basic process logic.
  - Service providers can alter the displayed branding and UI elements to meet individual customer needs.
- Business logic separation: Creates tenant-specific system policies such as email notifications, business rules, client scripts, UI policy, and UI actions.
- Hierarchical modeling: Nests your multiple tenants so that parent tenants can access child tenant resources. Business logic for parent tenants runs automatically for child tenants, which you can override at any level.
- Cross-tenant intelligence: Automatically handles data, metadata, business logic, and processing context for tenants with access to additional tenant data.
Domain separation at a glance
The following graphic shows the division of data, process, and UI separation. These concepts are discussed in depth in the Recommended Practices section.
Domain architecture
User records are assigned a domain value that represents the user’s home domain. Users have no access to data in parent domains, peer domains, or domains in other branches of the hierarchy.
See Contains queries and domain access for advanced options to grant additional domain visibility.
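The visibility rule above, modeled as an added JavaScript example (not ServiceNow platform code and not an API from this page): a user sees records in the home domain and, per the hierarchical modeling described earlier, in its child domains, and nothing in parent, peer, or other-branch domains. The domain names, record numbers, and function names are constructed for illustration, and additional visibility grants are not modeled.

```javascript
// Stand-alone model of the rule; hypothetical names, not ServiceNow APIs.
// Constructed hierarchy: child domain -> parent domain (null = top).
const PARENT_OF = new Map([
  ['TOP', null],
  ['MSP', 'TOP'],
  ['ACME', 'MSP'],
  ['ACME-EU', 'ACME'],
  ['INITECH', 'MSP'],
  ['OTHER', 'TOP'],
]);

// True when `domain` is `home` itself or sits below it in the hierarchy.
// Unknown domains fall off the map and are denied by default.
function inScope(domain, home, parentOf = PARENT_OF) {
  const seen = new Set();
  for (let d = domain; d != null; d = parentOf.get(d)) {
    if (d === home) return true;
    if (seen.has(d)) throw new Error('cycle in domain hierarchy at ' + d);
    seen.add(d);
  }
  return false;
}

// Split a result set into records the user may see and records that
// indicate a separation failure (parent, peer, other branch, unknown).
function auditResults(user, records, parentOf = PARENT_OF) {
  const allowed = [];
  const leaked = [];
  for (const rec of records) {
    (inScope(rec.domain, user.home, parentOf) ? allowed : leaked).push(rec.number);
  }
  return { allowed, leaked };
}

// Constructed sample: records returned to an integration account homed in ACME.
const SAMPLE_USER = { name: 'acme.integration', home: 'ACME' };
const SAMPLE_RECORDS = [
  { number: 'INC0001', domain: 'ACME' },     // home domain
  { number: 'INC0002', domain: 'ACME-EU' },  // child of home
  { number: 'INC0003', domain: 'MSP' },      // parent
  { number: 'INC0004', domain: 'INITECH' },  // peer
  { number: 'INC0005', domain: 'OTHER' },    // other branch
  { number: 'INC0006', domain: 'UNMAPPED' }, // not in the hierarchy
];

console.log(auditResults(SAMPLE_USER, SAMPLE_RECORDS));
```

Run against an export of what an integration account actually received, a non-empty `leaked` list points at records that crossed a domain boundary.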
The following diagram shows how the architecture process flows down to the child domains.