Context and domain separation

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Context and Domain Separation

    The context of a user's session in ServiceNow is crucial as it determines the processes, data, and user interface elements the user interacts with. This context is shaped by user profiles, groups, and company criteria, which dictate the visibility of incidents and other data relevant to the user's home domain.

    Show full answer Show less

    Key Features

    • User Session Context: Defined by the user's home domain and any child domains, which automatically filter data in database queries.
    • Domain Picker: Allows users to select their home domain and child domains, impacting the data they can access.
    • Record Context: Activated when users access individual records, determining UI elements and processes based on the record's domain.
    • Service Account Context: Integrations also respect user session context, ensuring data access conforms to domain constraints.

    Key Outcomes

    By understanding and effectively managing context and domain separation, ServiceNow customers can ensure that users access only the relevant data for their specific domain. This enhances data security, streamlines user interactions, and supports integrations by maintaining consistent domain-based data access across the platform.

    The context of a user's session determines the processes, data, and user interface (UI) as the user browses through list views, home pages, reports, and knowledge articles. The context is determined by the processes that you create, the business rules that you set, your workflows, and other factors.

    User session context

    Many factors determine the context of a user session, such as user profiles, groups, company criteria, and so on. In the following diagram, you see that the incidents that a company has created are part of the context.

    User session context

    The user in this example has a home domain of Cloud Dimensions.

    1. The branding reflects the settings in the Cloud Dimensions domain and company record.
    2. The application navigator shows the items that are inherited from higher-level domains as well as the modules that are defined in the Cloud Dimensions domain.
    3. The home pages and list data reflect the data that is visible to the user. This data is based on the user’s session context. In this case, the user in the Cloud Dimensions domain can see the data in Cloud Dimensions, child domains, and the global domain.

    User session context starts in the home domain

    In the following diagram, you can see the elements of the context.

    User session context home domain

    The system administrator sets users' home domains on their user records. Typically, a user’s home domain is set to the same domain as their company’s domain. When the user logs in, the domain picker sets automatically to the user’s home domain. Users can return to their home domain at any time by clicking the arrow icon on the domain picker.

    The domain picker's list includes domains within the user’s session context. Users may further limit their session context by selecting child domains with the picker.

    The context of the user session includes the user's home domain and any child domains. This set of domains in the user’s session context is appended automatically to every query that is sent to the database. That way, the results are limited to just the data in these domains and global data. This process is embedded in the compiled code that is not accessible.

    Service accounts that are used for integrations also have user session context. There is user context and records context, each with its own data in its own domain. These contexts affect the integrations. Database queries (records) are limited in the same way as interactive users (users), meaning that they work as normal but are limited by whatever constraints the developer has configured.

    You can learn about additional ways to add domains to a user’s session context in Service provider reference architecture.

    Record context

    As a user drills into individual records, record context is activated. The record context determines the UI elements and processes to apply to the record.

    A record’s domain dictates the process, data, and the availability of UI elements within the record.
    Note:
    • Record context persists even if the user's domain changes.
    • Users can view records concurrently in multiple browser tabs, while maintaining their own record context.

    Record context