This is an overview of domain separation and Discovery. Domain
separation enables you to separate data, processes, and administrative tasks into logical
groupings called domains. You can then control several aspects of this separation, including
which users can see and access data.
Overview
Support: Level 2
Domain separation is
supported in this application. Not all ServiceNow applications support domain
separation; some include limitations on the data and administrative settings that can be
domain separated. To learn more, see Application support for domain
separation.
How domain separation works in Discovery
Discovery implements data domain separation through the MID server by impersonating the MID
Server user during sensor processing. Discovery uses the domain that the MID Server user is
in to determine which domain the discovered data should be put into. Discovery configuration
information, including classifiers, identifiers, probes, and sensors, is not domain
separated.
Domain separation for MID Server files
You can create versions of these specific MID Server policy records that
only a MID Server from the same domain can use. This process separation is supported for records
in tables that extend MID Server Synchronized Files [ecc_agent_sync_file]:
- MID Server MIB File [ecc_agent_mib]
- MID Server JAR File [ecc_agent_jar]
- MID Server Script File [ecc_agent_script_files]
By default, all records in these tables are members of the global domain. A user can override
the default global domain and create a version of these policies for use in the user's own
domain.
Note: Attachments on MIB or JAR file records might not appear as they did in a non-domain
separated environment. The attachments do not appear because the
Attachments [sys_attachment] table is data
separated. When data is
separated between domains, a record in a child domain cannot access records in a parent
domain.
Domain separated tables
Records in all tables that extend the Base Configuration Item [cmdb] table can be domain
separated. In addition, records in these tables can also be domain separated:
- Serial Number [cmdb_serial_number]
- TCP Connection [cmdb_tcp]
- Fibre Channel Initiator [cmdb_fc_initiator]
- Fibre Channel Targets [cmdb_fc_target]
- IP Address to DNS Name [cmdb_ip_address_dns_name]
- Service [cmdb_ip_service_ci]
- KVM Virtual Device [cmdb_kvm_device]
- Load Balancer Service VLAN [cmdb_lb_service_vlan]
- Load Balancer VLAN Interface [cmdb_lb_vlan_interface]
- Switch Port [cmdb_switch_port]
