As a Product Owner, introducing new functionalities like Digital Portfolio Management and Service Builder is exciting. These tools empower organizations to manage services and offerings more effectively.

However, with innovation comes complexity. Suddenly, you have multiple stakeholders creating services and offerings—many of whom are unfamiliar with the process. Granting direct access to production is risky because mistakes can lead to serious disruptions without proper governance. I was in a similar situation.

Governance isn’t about slowing down; it’s about building a foundation that lasts.

To maintain control and reduce errors, I enforced the DTAP flow (Development, Test, Acceptance, Production). This means every service and offering must first be created in Development instance. Then, a system administrator (or a dev) manually collects all related resources and moves them through the environments. While this approach ensures stability, it’s time-consuming and prone to human error.

Instead of relying on manual migration, I wrote a script that automatically adds all Service Builder assets to an update set. This simple automation keeps the DTAP process intact while giving the Product Owner full control over what moves to higher environments. I took help from the Add to Update Set Utility.

Note: You can execute this script in Global but Service Builder runs in the DPM scope. You might have to declare Application Cross-scope access to be able to run this in the DPM scope. You can also run the script twice as a fix script in multiple application scope.
Note 2: To ensure alignment with the pending governance framework, the table configuration (update_synch=true) was intentionally not modified to support automatic data capture. This maintains strict control over data migrations via manual processes until the governance structure is fully implemented.

The result?

• Fewer mistakes

• Faster deployments

• Better governance

initiateUpdateSetAddition();
function initiateUpdateSetAddition() {
// All the tables involved in the Service Builder usage
var tableNames = [
   "cmdb_ci_service",
   "cmdb_ci_service_business",
   "cmdb_ci_service_technical",
   "service_offering",
   "cmdb_rel_ci",
   "sc_cat_item_subscribe_mtom",
   "service_offering_commitment",
   "service_subscribe_company",
   "service_subscribe_department",
   "service_subscribe_location",
   "service_subscribe_sys_user",
   "service_subscribe_sys_user_grp",
   "contract_rel_ci",
   "sn_dpm_kpi_group_m2m_spm_nodes",
 ];

for (var i = 0; i < tableNames.length; i++) {
   getRecordsToaddToUpdateSet(tableNames[i]);
 }
}
function getRecordsToaddToUpdateSet(tableName) {
var gr = new GlideRecord(tableName);
// update this query to what you wish
// You can also avoid the query to get all the asset
// If you know or are in doubt that no query will result in a heavy transaction, then do it periodically. For e.g. update the query to have everything created in the last week.
//updated this month
 gr.addEncodedQuery(
   "sys_created_onONLast 30 days@javascript:gs.beginningOfLast30Days()@javascript:gs.endOfLast30Days()"
 );
 gr.query();
while (gr.next()) {
   addToUpdateSet(gr);
 }
}

function addToUpdateSet(current) {
 current.setForceUpdate(true);
 current.update();
var updateManager = new GlideUpdateManager2();
var currTable = current.getTableName();
if (
   currTable.startsWith("wf_") ||
   currTable.startsWith("sys_ui_") ||
   currTable == "sys_choice" ||
   current.getED().getAttribute("update_synch") == "true" ||
   current.getED().getAttribute("update_synch_custom") == "true"
 ) {
   return;
 } else {
   updateManager.saveRecord(current);
 }
}

The Dilemma: Balance Agility with Control

While ServiceNow’s standard recommendation is to manage Services and Offerings directly within the Production environment to ensure real-time accuracy, this approach isn’t without its hurdles. Before opening the gates, every Product Owner must weigh the following strategic factors:

• Re-evaluating Production Access for Stakeholders: While decentralizing service ownership is the goal, we must ask: Is the risk of granting direct Production access to non-technical stakeholders worth the potential for data fragmentation? Allowing “live” edits without a safety net can lead to inconsistent naming conventions and broken dependencies that impact your entire CSDM structure.
• The ‘Gatekeeper’ Strategy: When to Choose Manual Migration:In our journey, we opted for a manual “Gatekeeper” approach. This wasn’t to create a bottleneck, but to ensure quality. By choosing manual data capture and migration (via XML or Import Sets) over direct prod CRUD access, we gained the oversight needed during our governance transition. The question isn’t if you should always be strict with your data, but when: How long does your team need that manual oversight before the governance framework is mature enough to run on autopilot?
• Leveraging DTAP for DPM Scalability: Is a strict DTAP (Dev-Test-Acceptance-Prod) flow the answer to your deployment headaches? For Digital Portfolio Management (DPM), the answer is a resounding yes as most of it is data and not captured in update sets. Maintaining this flow ensures that your service architecture is vetted, tested, and aligned with organizational standards before it is active in Production.