Entity map
Trace a foreign key by hovering it.
Seven tables, nine relationships. Hover any entity to see exactly which tables it touches — this is the same join logic the ServiceNow catalog runs at request time to decide what a requester is even allowed to see.
Full relationship matrix
The same nine relationships, listed with the field that carries each foreign key.
| From | To | Cardinality | Carried by field |
|---|---|---|---|
| business_app | appl_instance | 1 : N | appl_instance.business_app |
| appl_instance | sys_user_group | 1 : N | sys_user_group.appl_instance |
| sys_user_group | sys_user | N : N | sys_user_grmember |
| appl_instance | u_pam_safe | 1 : N | u_pam_safe.appl_instance |
| sys_user | u_pam_safe | 1 : N | u_pam_safe.service_owner |
| u_pam_safe | u_pam_account | 1 : N | u_pam_account.safe |
| u_pam_safe | u_pam_safe_permission | 1 : N | u_pam_safe_permission.safe |
| sys_user_group | u_pam_safe_permission | 1 : N | u_pam_safe_permission.grantee |
| sys_user | u_pam_safe_permission | 1 : N | u_pam_safe_permission.grantee |
The grantee field is polymorphic — it can point to either a
sys_user_group (the common case: general members get use_retrieve) or a single sys_user (the exception: the service owner gets reconcile). This is the single field that encodes the entire permission-split principle from the governance rules.