ServiceNow CAD: Application Development, Scripting, and Platform Customisation

ServiceNow applications are collections of tables, forms, scripts, and UI components. Global scope vs scoped applications: global scope has no namespace isolation — scripts can access any table and object, maximum flexibility but no isolation. Scoped applications (best practice): have a unique namespace prefix (e.g., x_companyname_appname), restricted to their own tables and resources by default, can explicitly share APIs to other scopes via Script Includes. Studio IDE: the browser-based development environment for scoped applications — create application from scratch or fork from ServiceNow Store, view all application files in one place, link to source control (Git — Studio integrates with GitHub, GitLab, Bitbucket). Application files: tables (data model), forms (UI layout), business rules (server-side logic), client scripts (browser-side logic), script includes (reusable server-side libraries), UI actions (custom buttons and context menu items), ACLs (access control rules), scheduled jobs (recurring automation), integration configurations (REST messages, MID Server connections).

ServiceNow data model design for CAD. Table creation: define fields (name, type — string, integer, boolean, reference, glide_date, glide_duration, list, choice), set display value, configure field attributes (mandatory, read-only, max length). Table inheritance: extend an existing table (the new table inherits all columns of the parent — useful for adding custom fields to out-of-the-box tables without modifying the base table). Reference fields: link records across tables via a foreign key — reference qualifier filters which records are selectable in the reference field (dynamic: computed JavaScript, fixed: GlideRecord query string). Dot-walking: access fields from referenced tables in scripts and reports — task.assigned_to.department.name follows reference chains. ACLs (Access Control Rules): control who can read, write, create, or delete records and fields. ACL evaluation: record-level ACL checks if the current user can access the record; field-level ACL checks individual field visibility and write access. ACL conditions: role condition (user must have role), condition script (JavaScript returning true/false), advanced script (more complex logic). Order matters: more specific ACLs (field-level) take precedence over less specific (record-level).

Business Rules are the primary server-side scripting mechanism. Business Rule properties: table (which table triggers the rule), trigger conditions (when — Before/After/Async/Display, operation — Insert/Update/Delete/Query). When to use each timing: Before rules run before database operation — modify field values before save, validate input, abort the operation with current.setAbortAction(true). After rules run after database operation — create related records, trigger notifications, log changes. Async rules run in background after response returned — for long-running operations that should not block the user. Display rules run on record read — modify UI display only, not saved to database. Script: access the current record with 'current' GlideRecord object. GlideRecord API: current.field_name.getValue(), current.field_name.setValue(), current.field_name.getDisplayValue(). GlideRecord query: var gr = new GlideRecord('incident'); gr.addQuery('state', 1); gr.query(); while(gr.next()) { ... }. Script Includes: reusable server-side JavaScript classes — callable from Business Rules, Scheduled Jobs, REST Scripted APIs. Always use Script Includes for shared logic rather than duplicating code in multiple Business Rules.

ServiceNow integrations for CAD. Inbound REST (Table API): ServiceNow's built-in REST API exposes all tables — GET /api/now/table/incident returns incidents, POST creates a new record, PATCH updates. Authenticate with basic auth or OAuth 2.0. Scripted REST API: create custom API endpoints within your scoped application — define resource paths, HTTP methods, and JavaScript handler functions. Return custom JSON responses, apply ACL-based authorisation. Outbound REST (REST Message): call external APIs from ServiceNow — define REST Message (base URL, auth, headers), REST Message Functions (specific endpoints), and call from Business Rules or Flow Designer. RESTMessageV2 API in script: var rm = new sn_ws.RESTMessageV2('MyRESTMessage', 'get_data'); rm.setStringParameterNoEscape('id', '12345'); var response = rm.execute(); var body = response.getBody(). Transform Maps: transform inbound data (XML or JSON) to ServiceNow records — map source fields to target table fields with optional transform scripts. MID Server: middleware server deployed on-premises or in a DMZ — enables ServiceNow to communicate with systems that are not publicly accessible (internal databases, LDAP servers, on-premises APIs). MID Server runs as a Windows service or Linux daemon, connects outbound to ServiceNow instance.