Application Development Fundamentals
Concepts
Cloud-based application: servicenow manages the computing resources and provides the platform. Users access applications through the web browser of their choice. Being a cloud application means there is nothing to install.
Why Develop Custom Application:
- Replace outdated, inadequate, custom business applications and process.
- Extend the value of ServiceNow.
- Extend service delivery and management to all enterprise departments.
- Bring greater levels of automation and consolidation to enterprise services and their management.
Should I build it?:
| Good Fit | Bad Fit |
|---|---|
| Data can be modeled in a relational databse. | Data is unstructured, such as audio or video. |
| Extensive use of forms to interact with data. | Multi-player games or applications requiring graphics engines. |
| Requires reporting capability. | No process flow through application. |
| Need Flows to manage processes. | Requires access to proprietary libraries that do not have an API. |
| Can extend existing functionality through JavaScript. |
servicenow platform is specialized for building B2E (Business to employee) applications.
Scoped Application Model
Principles:
- App should be able to be uninstalled
- Apps should NOT break the system
- Apps should NOT break other apps
- Apps should be self-contained
- Apps should have clearly defined dependencies
- Apps should only access what they need (least privilege)
| Feature | Scoped Apps | Global Apps |
|---|---|---|
| Namespace | Separate | Global |
| Delegated Development | ✅︎ | ❌ |
| Source Control integration | ✅︎ | ✅︎ |
| Publish to app repository | ✅︎ | ✅︎ |
| Easy file management | ✅︎ | ✅︎ |
Namespace: All scoped applications start with x_ and followed by company code which can be found at glide.appcreator.company.code system property, followed by the artifact name.
Delegated Development: Administrators can extend application development to other employees while maintaining control and governance over the platform, developer privileges, application resources, and data access.
Admins can gran non-admin users the ability to develop, deploy, and delete scoped applications.
- Application Specific permissions.
- Specify which application file types the develop can access.
- Instance-specific user roles.
- Grant the developer access to security records.
- Grant the developer access to script records.
Admins use Studio to manage Delegated Developers and the content they can access.
File > Manage Developers
Instance-specific deployment user roles allows an administrator to assign roles that enable non-admin users to install or upgrade all applications in specific instances.
Development vs Deployment
Development: Update sets
Deployment: Update sets or Application repository
Update Sets: They are used to manage and store changes (versions) to an application and produce a file for export. Administrators can manually transfer versions between instances with Update Sets.
Application Repository: The application repository is used for installing and updating applications on all company instances.
- Enables companies to store published applications for installation on any instance belonging to that company.
- Standardizes applications and versions installed on instances.
- Makes it easy to install / uninstall / update apps.
ServiceNow Store: It’s an online marketplace for downloading and installing servicenow applications.
Application Analysis and Design
Overview
Design your application:
- Business Logic:
- What needs to be done
- Process
- Stakeholders
- Input / Outputs
- Database Logic:
- Database tables and columns
- Relationships
- User interface:
- User profiles
- Desktop / Tablet / Mobile
Build a scoped architecture data model - Database logic & User interface
Build a data model: The data model details to the database schema what data your application reads and writes to/from the database.
- Tables
- Columns
- Relationships
Scoped architecture and design:
Design experience:
- Determine the platform(s) on which the application will run:
- Desktop and tablet
- Smartphone
- Determine how users will interact with an application:
- Standard catalog item
- Record producer
- Workspace
- Portal
- Mobile experience
Create application and modules
Application development tools
Application Engine Studio(AES): It’s a guided, low-code tool for developing rich we applications to store information, automate business processes, and solve business problems. You can delegate work.
ServiceNow Studio: Provides an IDE for application developers to work on custom applications in one centralized location.
All > System Applications > Studio
Guided Application Creator(GAC): It’s an intuitive development interface for building applications on the Now Platform, which provides a step-by-step process to guide you through your initial application development.
Additional Tools:
- Flow Designer
- Integration Hub
- Table Builder
- UI Builder
- Process Automation Designer
- Creator Work-flows
Create a custom application using GAC
Guided App Creator(GAC):
- Intuitive development interface
- Guides users through the application process
- Steps through basic application contents
GAC is enabled via
com.glide.sn-guided-app-creatorplugin. Users withsn_g_app_creator.app_creatorrole can access it.
System Applications > My Company Applications > Create New
In Studio, select the Create Application button
App creation Process:
You need to set
sn_g_app_creator.allow_globalto true to allow app creator developers to create global apps.
Designate data table options: Three methods to create a custom table:
- Upload a spreadsheet
- Exten a table
- Create a table
Applications can use multiple tables:
- Base tables
- Reference / lookup tables
Default table fields: All new tables have a default set of fields
- Created by [sys_created_by]
- Created [sys_created_on]
- Sys_id [sys_id]
- Updated [sys_updated_on]
- Updated by[sys_updated_by]
- Updates [sys_mod_count]
Application Access: Application access provides runtime protection for application tables against CRUD operations.(Scripts and Web service calls)
| Accessible: Application scope selection |
| Caller Access: Caller access records are use to track cross-scope applications the request access to an application, application resource, or event,. Option s include: None, Caller Tracking, and Caller Restriction |
| Can read / create / update / delete*: true / false |
| Allow access to this table via web services*: true / false |
| Allow configuration: Allow developers working from other application scopes to write scripts for this table. |
Linking Application to Git Repository
Source Control integration supports all custom applications. You can use different tools like GitLab, GitHub or others. Steps:
- Create a repository in the Git tool of you choice.
- Open the application of interest in Studio.
- Open Source Control > Link to Source Control.
- Configure the like:
- URL
- Username
- Password
- Select the link to Source Control button
In Studio, once the app is linked to source control, a default branch
sn_instances/<instance_name>is set. Admins can change set new branch by changingglide.source_control.default_branch_name
Branch: Branches allow you to work on different versions of a repository at a time. Create a branch to work on a new version of an existing application.
Stash: A stash is a locally stored set of changes. Creating a stash takes ALL local changes. You can’t pick and choose which changes to stash.
Stashes are used to move changes b/w branches. They can be applied to any branch including the branch from which the stash was created.
Stash: create, apply, and manage
Creating a Stash:
- Must be created before committing changes.
- After creating a stash, the stash must be applied.
- Steps:
- In Studio, open Source Control > Stash Local Changes.
- When prompted, select the Apply Stashed Changes button.
Applying a stash:
- Switch to target branch.
- Choose the stash to apply.
- ALL changes from the stash are applied
- Steps:
- Source Control > Switch Branch
- Source Control > Manage Stashes
- Source Control > Commit Changes
Configure application menu, create files, and commit changes
ServiceNow Studio: An IDE interface, to build custom applications.
- Create and modify application files
- Work in a tabbed environment.
System Applications > My Company Applications > locate_application > Edit in Studio
Studio Capabilities:
| Have | Doesn’t Have |
|---|---|
| Navigation and tabbed environment | Form Layout |
| Code Search | Ability to merge branches |
| Quick creation of scripts and files | Ability to add data |
| Push - Repository - Internal application reposity | Push to Update Set |
| Global application files management | Script Intellectual Property protection |
| Previous number check | |
| Testing of the application |
Application Forms
Forms, Fields, Lists, and Views
Default and Inherited lists: All new tables have a default list. Tables that extend another table, the fields on the default list depend on the parent table fields and list.
Default and Inherited forms: All new tables have a default form. Tables that extend another table, the fields on the default form depend on the parent table fields and form.
Field types: It’s important to choose the correct field type, as changing the type later can cause data loss.
- Date / Time
- Decimal
- Reference
- String
- True / False
Deleting fields from a table: User-defined fields can be deleted. Inherited fields cannot be deleted. No table records are deleted when a field is deleted.
New fields and forms: New fields are automatically added to the forms and they are not added to the lists.
Use sections to organize fields on a form: Multiple sections are grouped into tabs by default in the baseline, users do not see all of the fields all the time.
Tool tips add guidance: Tool tips help clarify what information a user should enter. Keep tool tips short as they are only visible for a few seconds.
Configure Label > Hint
Provide real-time feedback: Immediate and targeted feedback to users requires scripting. Give users feedback through Client Scripts and UI Action scripts.
- g_form.showFieldMsg()
- g_form.addInfoMessage()
- g_form.addErrorMessage()
- alert
- confirm
Adding annotations: Use annotations to add information, instructions, or separators to a form
Types:
- Info box blue
- Info box red
- Line separator
- Section details
- Section separator
- Text
Too add annotations to a form use form designer and drag
annotationfrom field types to the form layout.
Views: Views are different ways of looking at the same record. It defines which fields appear on the form or list and in which order. It is recommended to have different views for different users. An additional benefit of creating view is the ability to tailor functionality. Client Scripts and UI Policy can execute selectively based on views.
Only users with
veiw_changerrole can change their views.
View Rules: They allow you to ensure that, in certain cases, a View is forced from the server. Not even injecting query strings into the URL can fool it.
Scripting
Client scripts vs UI Policies:
| Feature | Client script | Ul Policy |
|---|---|---|
| Execute on form load. | ✅︎ | ✅︎ |
| Execute on form save/submit/update. | ✅︎ | |
| Execute on form field value change. | ✅︎ | ✅︎ |
| Have access to a field’s prior value. | ✅︎ | |
| Execute on list field value change(s). | ✅︎ | |
| Execute after Client scripts. | ✅︎ | |
| Access to the Condition Builder. | ✅︎ | |
| Require scripting. | ✅︎ | |
| Server-side scripts |
- Access Control
- Business Rules
- Scheduled Jobs
- Script Actions
- Script Includes
- UI Actions
- Flows
Application Management
Publishing and Git repository commit: Publishing an application automatically commits local changes to the Git repository if an application is linked. If you want to stash local changes, do so before publishing.
Publishing an application: Publish to the ServiceNow store or a repository. Versions must be unique.
Steps:
- In Studio, select the File menu
- Select Publish
- Add Dev Notes
- Select the Submit button
Applications published to the ServiceNow Store are sent for review and are not published directly to the store.
Installing and updating an application:
Install:
- System Applications > My Company Applications
- Select Not Installed tab and choose the application you want to install
Update:
- System Applications > My Company Applications
- Select Installed tab and select the Update button
Uninstall or Roll back an application
Roll Back: Go to the previous installation, doesn’t affect the global application record.
Uninstall: Removes the application from an instance but not from the app repository. Can be re-installed later.
Controlling Access
Configure application security
What can be controlled?: Access can be restricted to:
- Application menus
- Modules
- Records
- Fields
Application menu permissions: Control access to application through roles.
Module permissions: Control access to application through roles. The Override application menu roles option allows users without access to the application menu to access a module for which they are authorized.
Record and field permissions: By default servicenow security approach is to deny access by default. The four basic Access Controls (CRUD) can be generated automatically when creating tables in an application.
Access Control rules: rows vs fields:
- table.None: applies to a table’s record. Users must meet these permissions in order to view a tables’s list or form. If access is denied to a table, no field level rules can grant access.
- table.field: applies to only one field on a recored. If access to a row is allowed but the field is denied, the field is not visible.
- table.*: applies to every field on a record where there is no field-specific ACL. If access to a row is allowed and access to a field is allowed, the field is visible.
Access Control rule evaluation:
In the following order
- Table (most specific > most general)
- Field (most specific > most general)
Access Control configuration: Access Control Rules allow access to the specified resource if all four of these checks evaluate to true in the following order:
- Role
- Security attribute: Conditions listed in the Conditions Builder are met. If no conditions listed, this attribute evaluates to true.
- Condition builder: Conditions in the Condition field evaluate to true, or conditions are empty.
- Script: Execute server side
Debugging Access Control:
- Enable: System security > Debugging > Debug Security Rules
- Disable: System security > Debugging > Stop Debugging
Yet to complete remaining modules
If you find any mistakes or want to add any more information to this blog, submit a pull request at CAD.md