Domain Separation In Service-now

  • 1. MSP –Managed Service Providers

  • 2. It is a paid plugin, user needs a Maint Role to activate the plugin in your instance.

  • 3. It is a logically defined entity used to
    • 1. Separate Data

      2. Separate Process

      3. Administrative Tasks


  • 4. MSP deals with which user can see and access what data

  • 5. By structure Service now has a Single Tenant Architecture but by using MSP plugin it can be used as Multi-Tenant Architecture

  • 6. Multi-Tenant: It is a structure of application where single instance of the application serves multiple customers by sharing the application properties and a single database.

  • 7. Service now with MSP Plugin:
    • 1. Service now with MSP Plugin acts as a Multi-Tenant architecture where single instance serves multiple customers using single database.

      2. Each customer data is isolated and remains invisible to other customers.


  • 8. When we should not go with MSP Plugins-
    • 1. In case of total separation of all system properties

      2. Does not require the global reporting

      3. Does not require a single global processes


  • 9. System will not support the following tables from being domain Separated
    • Access Control [sys_security_acl]

      Script Includes [sys_script_include]

      System Property [sys_properties]

      Dictionary Entry [sys_dictionary]

      Dictionary Entry Override [sys_dictionary_override]


  • 10. Domain Scope:

  • Domain scope defines what users can(data) and cannot access(data) and how(Process).


      1. Session Scope Domain

      2. Record Scope Domain


      1. Session Scope Domain:


        a. User Domain

        b. User domain Picker Domain


      Session domain of users is nothing but the user record domain if we have the user domain and the domain picket domain is the same in case of not, session domain is the same like the domain which use has selected from domain picker.


      Users from parent domain they can change their session domain by changing from Domain picker.


      2. Record Scope Domain:


        a. It is nothing but the domain of that targeted record.


        By Default the record scope take precedence over the session scope


  • 11. We have following domains which has some special meanings.

    • Global Domain:


        a. All the records which we have before enabling the MSP plugin, are part of global domain.


        b. Guest user is a part of global.


      Default Domain:


        a. We can set any domain as a default domain but only one can be a default domain.


        b. If you set default domain in an instance, instance will replace the global domain with default domain whenever the record creation happens.


      Primary Domain:


        a. Only the domain which does not have parent can be set as primary domain.