This is an overview of domain separation and the CMDB Identification and Reconciliation
separation enables you to separate data, processes, and administrative tasks into logical
groupings called domains. You can then control several aspects of this separation, including
which users can see and access data.
This topic explains how domain
separation is enforced during the
CMDB Identification and
process. In addition
this topic addresses how domain separation is applied to the Identification and
Reconciliation rules.Domain separation is
supported in this application. Not all ServiceNow applications support domain
separation; some include limitations on the data and administrative settings that can be
domain separated. To learn more, see Application support for domain
How domain separation works in Identification and Reconciliation
Domain separation in the identification engine is enforced as soon as users activate the
domain separation plugin.
Domain separation during the Identification and Reconciliation Process
- Domain separation during the Identification/Reconciliation process is enforced through
the domain ID.
- Domain IDs do not need to be explicitly sent in the input payload of the
identification engine APIs. Internally, the identification engine causes the current
domain ID of the user to call the identification engine APIs.
- Only CIs that have the same domain ID as the currently logged-in user's domain
display during matching.
- During matching, if no records are found and a CI needs to be inserted, the CI’s
domain ID is the same as the domain ID of the currently logged-in user’s
- During matching, if duplicates are found, De-Duplication tasks created in the
[reconcile_duplicate_task] table, have the same domain ID as those of the duplicate
- Duplicate CIs that exist across domains (including parent and child domains) are
not considered as duplicate CIs by the identification engine.
- During matching, if reclassification of the CI is not allowed, reclassification
tasks are created in the [reclassification_task] table, with the same domain ID as
the CI for which reclassification is needed.
Domain separation and Identification Rules
- The identification rules and identification inclusion rules used during the
identification process are always defined at the global level. For example, the tables
below do not have a sys_domain field:
- Identifier (cmdb_identifier), Identifier Entries (cmdb_identifier_entry), Related
Entries (cmdb_related_entry), and Identification Inclusion Rules
Domain separation and Reconciliation Rules
- The reconciliation definition rules and data source precedence rules that are used
during the reconciliation process can be defined for different domains. For example, the
tables below do have sys_domain, sys_overrides, sys_domain_path fields:
- Reconciliation Definition (cmdb_reconciliation_definition), Datasource Precedence
(cmdb_datasource_precedence), and Data Source Staleness Definitions