In ServiceNow, domain separation allows organizations to segregate data, processes, and administrative tasks into logical groupings called domains1. This is particularly useful for ManagedService Providers (MSPs), where multiple organizations or customers use the same ServiceNow instance but require isolation from each other2.
When a user has the ITIL role within the MSP domain, they inherently have that role across all domains they have access to. This is because roles in ServiceNow are global by default, meaning they apply across all domains unless specifically restricted31. The ITIL role is a set of permissions that typically includes the ability to manage incident, problem, and change records, which are fundamental to IT service management.
The other options, such as being granted the Admin role in other domains (B), administering other domains by granting the Domain Admin role ©, or being restricted to self-service in other domains by granting the Self-Service role (D), are actions that require explicit configuration by an administrator with the appropriate level of access and are not automatic outcomes of having the ITIL role in the MSP domain4.
It’s important to note that while the ITIL role may be global, access to specific records and the ability to perform certain actions can still be controlled within each domain through ACLs (Access Control Lists) and other domain-specific configurations1.
Submit