Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Domain separation in CMDB Identification and Reconciliation

Log in to subscribe to topics and get notified when content changes.

Domain separation in CMDB Identification and Reconciliation

This is an overview of domain separation and the CMDB Identification and Reconciliation feature. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can then control several aspects of this separation, including which users can see and access data.


This topic explains how domain separation is enforced during the CMDB Identification and Reconciliation process. In addition this topic addresses how domain separation is applied to the Identification and Reconciliation rules.

Domain separation is supported in this application. Not all ServiceNow applications support domain separation; some include limitations on the data and administrative settings that can be domain separated. To learn more, see Application support for domain separation.

How domain separation works in Identification and Reconciliation

Domain separation in the identification engine is enforced as soon as users activate the domain separation plugin.

Domain separation during the Identification and Reconciliation Process

  • Domain separation during the Identification/Reconciliation process is enforced through the domain ID.
    • Domain IDs do not need to be explicitly sent in the input payload of the identification engine APIs. Internally, the identification engine causes the current domain ID of the user to call the identification engine APIs.
    • Only CIs that have the same domain ID as the currently logged-in user's domain display during matching.
    • During matching, if no records are found and a CI needs to be inserted, the CI’s domain ID is the same as the domain ID of the currently logged-in user’s domain.
    • During matching, if duplicates are found, De-Duplication tasks created in the [reconcile_duplicate_task] table, have the same domain ID as those of the duplicate CIs.
    • Duplicate CIs that exist across domains (including parent and child domains) are not considered as duplicate CIs by the identification engine.
    • During matching, if reclassification of the CI is not allowed, reclassification tasks are created in the [reclassification_task] table, with the same domain ID as the CI for which reclassification is needed.

Domain separation and Identification Rules

  • The identification rules and identification inclusion rules used during the identification process are always defined at the global level. For example, the tables below do not have a sys_domain field:
    • Identifier (cmdb_identifier), Identifier Entries (cmdb_identifier_entry), Related Entries (cmdb_related_entry), and Identification Inclusion Rules (cmdb_ie_active_config).

Domain separation and Reconciliation Rules

  • The reconciliation definition rules and data source precedence rules that are used during the reconciliation process can be defined for different domains. For example, the tables below do have sys_domain, sys_overrides, sys_domain_path fields:
    • Reconciliation Definition (cmdb_reconciliation_definition), Datasource Precedence (cmdb_datasource_precedence), and Data Source Staleness Definitions (cmdb_datasource_staleness).