Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Home Madrid Now Platform Administration Now Platform Administration Platform security Domain separation Understanding domain separation
  • Versions
  • Products

Contents

Understanding domain separation

Log in to subscribe to topics and get notified when content changes.

SAVE AS PDF

Understanding domain separation

With domain separation you can separate data, processes, and administrative tasks into logically defined domains.

Domain separation is best for those customers who:

  • Need to enforce absolute data segregation between business entities (data separation).
  • Customize business process definitions and user interfaces for each domain (delegated administration).
  • Maintain some global processes and global reporting in a single instance.
  • Separate data between service providers, customers, partners, or sub-organizations.
  • Have minor or moderate process differences among customers.

Domain separation compared to separate instances

While domain separation provides multi-tenancy support, multi-tenancy is still contained within a single instance. Some global properties, data, and processes are shared across all domains. For example, having the system Remember me on the login page of the system is global and cannot be specified per domain.

If you need complete and total separation of all system properties and do not require global reporting or global processes, then separate instances are the best option.

Data separation

Members of a domain see only the data contained within their domain or the child domains that are lower in the domain hierarchy. By default, all users and all records are members of the global domain unless an administrator assigns them to a particular domain. Once you assign a user or a record to a domain, the instance compares the user's domain to the record's domain to determine whether the user can view the record.

ServiceNow applications are defined with the following incremental support levels. These levels are based on the perspective of actual use cases and personas.

Data Separation: Tenants see only data that they have permissions to see. Tenants can be granted access to other tenant data, but cannot query tenant data if they don't have access.

UI Separation: Supports a tenant-specific experience for UI elements such as views, lists, labels, and so on.

Business Logic Separation: You can create tenant-specific system policies such as email notifications, business rules, client scripts, UI policy, and UI actions.

Hierarchical Modeling: Nested-multi-tenancy so parent tenants can access child tenant resources. Business logic for parent tenants runs automatically for child tenants, and can be overridden at any level.

Cross-Tenant Intelligence (Domain Scope): Handles automatically the data, metadata, business logic, and processing context for tenants that have access to additional tenant data.

In general, data defined at a higher level in the domain hierarchy is not visible at lower levels in the hierarchy.

Sample domain separation hierarchy

Domain path migration

Domain paths are used for all customers. Domain numbering is not used. ServiceNow support can assist in the upgrade.

Alternatives to domain separation

Separate instances are a common alternative to domain separation. This provides a great degree of flexibility in meeting the requirements for customers and stakeholders with little to no impact on others.

Alternatives to domain separation
Warning: Before activating domain separation, consult your representative to verify that it is suitable for your environment. Domain separation adds a level of administration overhead. Although it can be disabled, it cannot be removed from an instance.
Send Feedback
Feedback