In today’s interconnected digital landscape, managing multiple customers or departments within a single platform without compromising security or efficiency is a challenging task. ServiceNow’s Domain Separation is a powerful solution that enables organizations to host multiple tenants in a single instance while ensuring data isolation and personalized user experiences.
Understanding domain separation:
ServiceNow’s Domain Separation is like setting up individual offices in a co-working space. Each tenant has their own space with individual amenities while sharing common facilities. Similarly, ServiceNow allows companies to partition data into different domains to ensure data privacy and customization while leveraging shared platform resources.
When should you consider separating domains?
Companies can use the following points to decide whether domain separation meets their requirements or whether a single instance is more suitable:
- Logical data separation
- Assessment of scalability
- Compatibility with the platform
- Process differences
- Requirements for the administration
Data separation:
Data segregation ensures that data within ServiceNow is split into different domains to prevent users from accessing data outside their assigned domain. This is achieved by using the sys_domain column in tables, with around 1000 tables in the base platform already domain-separated by default. The implementation involves adding the sys_domain field to custom tables and configuring access permissions accordingly. Users can only view data within their home domain and its subordinate domains that follow a hierarchical structure.
Process separation:
Process separation or delegated administration allows companies to customize processes and configurations independently for each domain. This separation is achieved through the sys_overrides in domain-specific tables. If a table contains both the fields sys_domain as well as sys_overrides it can be set up so that it executes different processes compared to its parent domain. The objects that can be processed separately are
- Business rules
- Client scripts
- UI guidelines
- UI actions
- E-mail notifications
- SLA
- Authorization rules
- Rules for the assignment
- Forms
- Lists
- Related lists
- Selection lists
Contains and visibility domains:
Contains domains establish a relationship between domains and enable the shared use of data regardless of the hierarchy. This means that users from one domain can access data from another domain that contains it. This only applies to data, not to processes.
Visibility domains grant certain users or groups access to data outside their hierarchical scope, so that data access is guaranteed as required. Visibility rules can be used with contains relationships or separately.
Best practices and considerations:
- Performance: Limit the number of domains to avoid performance losses.
- Domain hierarchy: Avoid frequent changes to the domain hierarchy in order to minimize system load and possible disruptions.
- Domain logs: Check the domain logs regularly for errors or warnings, especially after updates or recalculations of the domain hierarchy.
- Default domain: Always set a default domain to prevent data records from being accidentally placed in the global domain.
- Contains and user/group visibility: Minimize the use of domain contents and user/group visibility to avoid performance degradation.
Conclusion:
Domain separation in ServiceNow provides a versatile solution for organizations looking to effectively manage multi-tenancy scenarios. By implementing best practices and understanding the nuances, organizations can leverage the power of domain separation to improve security, efficiency and user satisfaction in their ServiceNow environment.
Our ServiceNow team has gained experience from many different projects and knows what is important for a successful implementation. Contact us without obligation and let us see if we can support you in implementing and optimizing ServiceNow in your company.
