This blog will explain to you the basic concept of domain separation. What is the purpose of domain separation? How it can be configured in the ServiceNow platform based on the business needs? What all modules are present and how domain hierarchy works?
What is ServiceNow Domain separation?
Domain separation is a way to separate data into (and optionally to separate administration by) logically-defined domains. Domain separation is extremely well-suited for Managed Service Providers (MSPs) and global enterprises with unique business requirements in various areas of the world.
Global Companies with unique business requirements for different parts of the world can segment and customize their instances.
Why ServiceNow Domain separation?
ServiceNow Domain separation is best for those customers who:
- Need to enforce absolute data segregation between business entities (data separation).
- Customize business process definitions and user interfaces for each domain (delegated administration).
- Maintain some global processes and global reporting in a single instance.
- Separate data between service providers, customers, partners, or sub-organizations.
- Have minor or moderate process differences among customers.
ServiceNow Domain separation compared to separate instances
While ServiceNow domain separation provides multi-tenancy support, multi-tenancy is still contained within a single instance. Some global properties, data, and processes are shared across all domains. For example, having the system Remember me on the login page of the system is global and cannot be specified per domain.
If you need complete and total separation of all system properties and do not require global reporting or global processes, then separate instances are the best option.
What can be separated?
In general, the instance has some global properties, data, and processes that are shared across all domains. But since domain separation is a concept of organizing different processes for different departments of an organization, below are a few points that explain what can be separated using domain separation:
- Each domain can have its own set of data that other domains cannot see. Tenants can be granted access to other tenant data but can’t query tenant data that they don’t have access to. Users, including the customer accounts that are used for integrations, see only the data in the domains they have permission to access. Customers, agents, and fulfillers see data that pertains to the customers and organizations that they support.
- Each domain in a ServiceNow Instance can have unique functions and processes. Creates tenant-specific system policies such as email notifications, business rules, client scripts, UI policy, and UI actions.
- Each domain in the instance can have a different user interface. Supports a tenant-specific experience for UI elements such as views, lists, labels, and so on.
Service providers can alter the displayed branding and UI elements to meet individual customer needs.
Domain Hierarchy
Domain hierarchies help to organize multiple domains and define the relationships between them. It also established parent/child relationships between domains.
Below shows a brief about domain hierarchy.
Data Separation Vs Process Separation
Data separation is enforced at the database level through the use of the sys_domain column in tables. To make a customer table domain-separated, add the sys_domain field to the table. When a customer logs n under a domain and pulls up a domain-separated table, the system uses built-in queries to pull data only from that domain.
Process separation is enabled through the use of sys_overrides column. Any table that contains both the sys_domain and sys_overrides field can be configured to have different processes from the parent domain. We can choose to not separate data just processes.
System policies functions can be domain-specific:
- Assignment rules
- Approval rules
- SLA management
- Inactivity monitors
- Email Notifications
- Business Rules
- Client Scripts
- UI Policies
- UI Actions
Forms, lists, Related Lists, and Choice lists can also be domain-specific. Service providers can even customize the branding and user interface elements for a domain.
Controlling Visibility
The domain_contains table allows users of a domain (the ‘containing’ domain) to see data from another domain (the ‘contained’ domain). This applies to data only not processes.
The sys_user_visibilty and sys_user_group_visibilty tables allow specific users or groups to view data for a domain that they couldn’t otherwise access in the hierarchy.
Configure ServiceNow Domain Separation
End-users can raise a support ticket in their instances to get domain separation configured as per their need.
As a developer to set up the Domain Separation, Admin needs to activate the plugin “Domain Support-Domain Extensions Installer” through the developer instance by using the URL – https://developer.servicenow.com/dev.do
Wait for some time to get the plugin activated to your instance.
Once activated, one can see the ‘Domain Admin’ application menu in the Application Navigator.
Make use of the ServiceNow Domain Admin application
Domains Module: –
- Through this, the admin can create a new domain as per requirement.
- Also, the admin can make changes in the existing domain.
- While creating a domain admin should keep in mind that: –
- There can be only one primary domain
- There can be only one default domain
Domain Map Module
- Domain Map shows the graphical representation of the domains.
- This map shows the Primary, Parent, and Default domains in the hierarchy.
- OOTB ServiceNow has provided Top as a primary domain and Default as a default domain.
- Let’s have a look at some demo domains under domain hierarchy as below:
How to select a domain?
Enabling the Domain picker through system settings enables the Domain selector by default. Through Domain selector one can select a domain from the list of available Domains.
Important note
Some tables and applications should never be domain-separated. When the domain Separation plugin s activated, the system adds the following tables as non_domain_separatable:
- Security Black/White list entities
- ACLs
- Dictionary
- System Properties
- Script Includes
Conclusion
In this blog, we stated a brief idea on what is domain separation, some use cases, and how it can be configured in any instance. Let’s have a summary of what we have seen so far:
- A Domain hierarchy is a structure of domains within an instance.
- System policy functions can be defined globally or specifically for a particular domain.
- Global processes apply to all children.
- A caution everyone should consider is to challenge yourself on why you can’t live on a single instance without domain separation prior to making the decision to move forward. If you are close to the baseline and do not have complex needs for your company, domain separation may be the answer for you.
Thanks For Reading
Read More on Aelum Blogs
Author: Mokara Harish
Designation: ServiceNow Developer
Very helpful, worth reading.