Issue
As per domain separation logic, if the user does not have access to the domain of the current record referenced in a field, the user can still see the reference field's display value. For example, the user sees the user name in the Assigned to field. However, it is observed that this is no longer honoured from the Madrid release onwards.
Steps to Reproduce:
In Madrid:
1. Create a child domain under TOP/ACME, named ACME-Child.
2. Create a RITM in TOP/ACME/ACME-Child.
3. Export an existing sysapprover_approval record and modify it to give the RITM's sysID as the document ID.
4. Also set its approver to ACME ITIL, who is in the ACME domain. Set the domain of this sysapprover_approval record itself to TOP/ACME/ACME-Child.
5. Import it.
6. Go to the ACME-Child domain and check the Approvers related list for the RITM; it will show an empty user name.
Do the same in London and you will see the user's name.
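The reproduction above can be modelled offline to find references that will render empty after an upgrade. The following JavaScript is an added illustration, not ServiceNow platform code: it assumes a viewer sees records only in their own domain and its descendants, and the names canSee, displayValue and findHiddenReferences, the strictJoin flag and the sample records are constructed for this example.

```javascript
// Added illustration; not ServiceNow platform code.
// Assumption: a viewer sees records in their own domain and its descendants only.
function canSee(viewerDomain, recordDomain) {
  // The trailing '/' stops 'TOP/ACME' from matching a sibling such as 'TOP/ACME-Other'.
  return recordDomain === viewerDomain || recordDomain.startsWith(viewerDomain + '/');
}

// strictJoin = true models Madrid and later; false models London.
function displayValue(viewerDomain, referenced, strictJoin) {
  if (!referenced) return '';
  if (strictJoin && !canSee(viewerDomain, referenced.domain)) return '';
  return referenced.name;
}

// Pre-upgrade check: list reference fields whose target lies outside the
// record's own domain, so viewers in that domain will see an empty value.
function findHiddenReferences(records, usersById) {
  const findings = [];
  for (const rec of records) {
    for (const [field, refId] of Object.entries(rec.refs)) {
      const target = usersById[refId];
      if (target && !canSee(rec.domain, target.domain)) {
        findings.push({ record: rec.id, field, recordDomain: rec.domain,
                        referencedDomain: target.domain });
      }
    }
  }
  return findings;
}

// Constructed sample data mirroring the reproduction steps.
const users = {
  u1: { name: 'ACME ITIL', domain: 'TOP/ACME' },
  u2: { name: 'Child Approver', domain: 'TOP/ACME/ACME-Child' },
};
const approvals = [
  { id: 'appr-1', domain: 'TOP/ACME/ACME-Child', refs: { approver: 'u1' } },
  { id: 'appr-2', domain: 'TOP/ACME/ACME-Child', refs: { approver: 'u2' } },
  { id: 'appr-3', domain: 'TOP/ACME', refs: { approver: 'u2' } },
];

console.log(findHiddenReferences(approvals, users));
```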
Release
Madrid and forward
Cause
This is an intended change on the platform. It was added from Madrid to maintain strict treatment of dot-walked values such that users can no longer see any data outside of their configured domain(s). Please note below the current scenarios:
When these conditions are met | The user has access to these UI elements |
---|---|
The user has access to the domain of the current record referenced in a field. | The user can: |
The user does not have access to the domain of the current record referenced in a field. | The user can: |
Resolution
There is no workaround for this, as this is expected behaviour. However, the Development team is working on a configurable solution for this. The idea is to expose reference display values where a given user is not otherwise in the correct domain. The fix for that is not yet finalised in any generally available releases.
Related Links
Please review the New York documentation for Domain Scope for more details on this.
There is still a way to overcome this, which is to set the system property glide.sys.domain.include_domain_condition_on_join to false. However, ServiceNow does not recommend this, and modifying the property is strictly forbidden. The property also cannot be edited by an admin on a customer instance; likely only a maint user can change it.