Custom App Patterns on the Now Platform

Scope Everything

Never build a custom app in global scope. Create an application scope. Tables, scripts, ACLs, UI — all live in the scope. Clean packaging, clean install, clean removal.

Table Design

Extend when you can, don’t when you shouldn’t. Extending Task gives you free SLA, notification, and workflow support. Extending sys_metadata does not. Choose parent tables consciously.

Business Rules vs Flows

Use Flow Designer for cross-entity workflows and async. Use business rules for record-level invariants (validation, defaulting). Don’t mix.

Security Model

Define roles per persona. Assign ACLs to roles. Don’t grant users direct ACLs. When a role becomes a shortcut for admin, it’s over-scoped.

Testing and ATF

Every custom app should have an ATF test suite. Minimum: happy-path creation, a validation rule, and a security check. ATF runs in CI via MID server integration.

Scope Everything

Table Design

Business Rules vs Flows

Security Model

Testing and ATF

More in this thread

ServiceNow ACL Security: The Model Decoded

ServiceNow Agentic AI: The Enterprise Plus Feature

ServiceNow Agentic AI: High-Value Scenarios