Entity map

Trace a foreign key by hovering it.

Seven tables, nine relationships. Hover any entity to see exactly which tables it touches — this is the same join logic the ServiceNow catalog runs at request time to decide what a requester is even allowed to see.

1:N 1:N N:N 1:N 1:N owner 1:N 1:N grants grantee grantee business_app cmdb_ci_business_app appl_instance cmdb_ci_appl_instance sys_user_group scoped to app + instance sys_user requester · owner u_pam_safe tagged to instance u_pam_account win · unix · db · ldap safe_permission use/retrieve · reconcile

Full relationship matrix

The same nine relationships, listed with the field that carries each foreign key.

FromToCardinalityCarried by field
business_appappl_instance1 : Nappl_instance.business_app
appl_instancesys_user_group1 : Nsys_user_group.appl_instance
sys_user_groupsys_userN : Nsys_user_grmember
appl_instanceu_pam_safe1 : Nu_pam_safe.appl_instance
sys_useru_pam_safe1 : Nu_pam_safe.service_owner
u_pam_safeu_pam_account1 : Nu_pam_account.safe
u_pam_safeu_pam_safe_permission1 : Nu_pam_safe_permission.safe
sys_user_groupu_pam_safe_permission1 : Nu_pam_safe_permission.grantee
sys_useru_pam_safe_permission1 : Nu_pam_safe_permission.grantee
The grantee field is polymorphic — it can point to either a sys_user_group (the common case: general members get use_retrieve) or a single sys_user (the exception: the service owner gets reconcile). This is the single field that encodes the entire permission-split principle from the governance rules.