Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Domain Separation and Discovery

Log in to subscribe to topics and get notified when content changes.

Domain Separation and Discovery

This is an overview of domain separation and Discovery. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can then control several aspects of this separation, including which users can see and access data.


Support: Level 2

Domain separation is supported in this application. Not all ServiceNow applications support domain separation; some include limitations on the data and administrative settings that can be domain separated. To learn more, see Application support for domain separation.

How domain separation works in Discovery

Discovery implements data domain separation through the MID server by impersonating the MID Server user during sensor processing. Discovery uses the domain that the MID Server user is in to determine which domain the discovered data should be put into. Discovery configuration information, including classifiers, identifiers, probes, and sensors, is not domain separated.

Domain separation for MID Server files

You can create versions of these specific MID Server policy records that only a MID Server from the same domain can use. This process separation is supported for records in tables that extend MID Server Synchronized Files [ecc_agent_sync_file]:
  • MID Server MIB File [ecc_agent_mib]
  • MID Server JAR File [ecc_agent_jar]
  • MID Server Script File [ecc_agent_script_files]

By default, all records in these tables are members of the global domain. A user can override the default global domain and create a version of these policies for use in the user's own domain.

Note: Attachments on MIB or JAR file records might not appear as they did in a non-domain separated environment. The attachments do not appear because the Attachments [sys_attachment] table is data separated. When data is separated between domains, a record in a child domain cannot access records in a parent domain.

See Set up domain separation for MID servers for instructions on setting up domain separation through the MID server.

Domain separated tables

Records in all tables that extend the Base Configuration Item [cmdb] table can be domain separated. In addition, records in these tables can also be domain separated:
  • Serial Number [cmdb_serial_number]
  • TCP Connection [cmdb_tcp]
  • Fibre Channel Initiator [cmdb_fc_initiator]
  • Fibre Channel Targets [cmdb_fc_target]
  • IP Address to DNS Name [cmdb_ip_address_dns_name]
  • Service [cmdb_ip_service_ci]
  • KVM Virtual Device [cmdb_kvm_device]
  • Load Balancer Service VLAN [cmdb_lb_service_vlan]
  • Load Balancer VLAN Interface [cmdb_lb_vlan_interface]
  • Switch Port [cmdb_switch_port]