SilverStorm Blog

How firms can separate data and process within ServiceNow?

Posted by David de Matias Batalla on Sep 22, 2017 1:04:10 PM
Find me on:

There are multiple approaches to separating data and process within ServiceNow. This article discusses how to choose the best option for your business requirements.

Many organizations want to separate data between different lines of business, departments, regions, or companies. Sometimes different areas of the business may even want to separate their processes, workflows, and user interfaces. ServiceNow offers the following data and process separation options from simplest to most complex.

Filters

Filters offer a very simple, flexible, and useful way to visually separate data by limiting the records a query returns. For example, the Incident > Open module uses a filter to display only the incidents where the Active field is set to true. Filters are available for every ServiceNow list.

Filters show only relevant data. You can create filters with simple interface controls, or use JavaScript functions to return dynamic data sets. One example of a dynamic data set is a list of My open incidents, where My brings back only the incidents assigned to the user who is currently logged in.

Filters do not prevent users from seeing other data in the instance. Users who click the breadcrumbs at the top of the screen or issue a query with a different filtercan see the full data set. This is often the desired behavior since it allows users to quickly navigate to relevant data and grants them permission to see any data they like through filter customization.

System Security

System security allows you to determine what data users can access. Use contextual security rules to dictate access controls such as requiring only users with with the problem_manager role to see problem records. You can also use contextual security to dictate whether users can read, write, create, update, and delete records or fields.

Contextual security allows you to apply dynamic rules. For example, the user who creates a change request cannot be the user who approves the request. System security enforces role-based security settings.

Domain Separation

Domain separation does two things:

  1. Separates data
  2. Separates administration (workflow, policy, and UI definition)

Domain separation is best for those organizations that want to:

  • Enforce data separation between business entities.
  • Customize business process definitions and user interfaces for each domain.
  • Use a single instance of ServiceNow to maintain global processes and global reporting.

Domain separation is extremely well suited for managed service providers (MSPs) and global enterprises with unique business requirements in various areas of the world. Domain separation is incredibly powerful and flexible but requires ongoing discipline to ensure that new domains do not conflict with existing domains.

Separate Instances of ServiceNow

Providing separate instances for each business unit or entity creates completely unique environments with separate databases. Separate instances of ServiceNow provide each business entity the most configuration and customization flexibility.

This arrangement works well when:

  • There is no commonality in business process definition between business units.
  • There is no desire to share data or report globally across business units.

You can request additional instances from HI.

Legacy: Company Separation

When you activate the Company Separation plugin, users with a company value in their user record can only see data for their company and its child companies.

Company separation applies to any table that has a Company or u_company field. For example, the task table has a Company field, so a user in Company A can see only those tasks (such as incidents, change requests, and problems) that are assigned to Company A or Company A's hierarchical children.

To make company separation apply to a table that does not have a Company field by default, create a custom Company field on that table. Users who do not have a company value on their record in the User [sys_user] table are not restricted by company separation.

Company separation is best for organizations that want data separation but do not need the process or UI separation of a domain-separated implementation.

 

how to resolve security threats fast.jpg

 

More Information

Source: ServiceNow

Topics: CIO, customerservice, HR, Technology, CSM, Cloud, CEO, SaaS, Digitaltransformation, SilverStorm, ServiceNow, report, servicemanagement, devops, agile

SilverStorm Solutions

SilverStorm bridges the gap between the strategy and the transition for business-orientated service management. We listen to what our customers want to achieve; their success is what as a company, and, as an individual, counts.
 
We deliver next-generation service management as part of the digital transformation that our customers wish to achieve. We innovate by adopting disruptive technologies that focus on the business operation and the IT infrastructure. We solve our customers' challenges to create business services that manage heterogeneous environments across a hybrid platform.
 
Our DNA does not permit us to settle for anything less than excellence within every group of the company.

Subscribe to Email Updates

Recent Posts