This article describes how to identify the origin of a ServiceNow artifact. For example, if an ACL or a business rule is part of a scoped application, you can check what package these artifacts come from.
The basic procedure is to go to the sys_metadata table and search for the application file (in this format, sys_security_acl_<sys_id>), and add the Package field to the list view. This will show you where an application file derives from.
Right-click the record and copy the sys_id.
In the filter navigator, search for sys_metadata_list to go to the sys_metadata table.
Check the filter condition.
Add the Package field to the list view.
This will show you where an application file derives from.
You will get all the information about the origin of the ServiceNow artifact.