Cloud Account Management ACL groups, roles, and responsibilities

  • Release version: Yokohama
  • Updated August 23, 2024

    Access control lists (ACLs), groups, and roles in Cloud Account Management control how access permissions are organized and managed within a cloud environment.

    Groups and roles in Cloud Account Management

    Table 1. Cloud Account Management groups and responsibilities
    Group: ITOM Cloud Account Management requester group
    Role: sn_itom_cam.cw_requester
    Responsibilities:
    • Initiates cloud account requests: Triggers the process for creating cloud accounts.
    • Justifies account creation: Provides clear and compelling reasons for why each cloud account is needed.
    • Gathers and submits account information: Collects and submits all the necessary details required for successful cloud account creation.
    • Manages account status: Requests suspension or reactivation of cloud accounts as needed.

    Group: ITOM Cloud Account Management approver group
    Role: sn_itom_cam.cw_approver
    Responsibilities:
    • Evaluates and approves account requests: Reviews account creation requests, carefully assessing their validity and alignment with budget constraints. Following this evaluation, the administrator grants approval or denial of the request.
    • Verifies budgetary compliance: Confirms that the requested cloud account aligns with available budgetary resources before granting approval.
    • Communicates decisions with clear rationale: Clearly communicates the approval or denial decision to the requester by adding a comment to the request itself. This comment should provide a concise and informative explanation for the decision.

    Group: ITOM Cloud Account Management admin group
    Role: sn_itom_cam.cw_admin
    Responsibilities:
    • Verifies configuration alignment: Verifies that Cloud Account Management configurations are consistent and aligned with both cloud provider configurations and Terraform configurations. This process promotes secure access management practices across all environments.
    • Provisions cloud accounts: Configures the cloud context to provision new cloud accounts, streamlining the account creation process.
    • Troubleshoots provisioning issues: Diagnoses and resolves any problems encountered during cloud account provisioning, promoting successful account creation.
    • Customizes data certification policy: Tailors the Cloud Account Management default data certification policy to meet specific organizational requirements, promoting appropriate data handling procedures.
    • Manages all accounts: Oversees all cloud accounts, including CW-managed accounts and on-boarded accounts, guaranteeing centralized control and visibility.

    Group: ITOM Cloud Account Management certifier group
    Role: sn_itom_cam.cw_certifier
    Responsibilities:
    • Certifies discovered accounts: Reviews discovered accounts listed in the Subscription Accounts tab and designates them as certified if they meet compliance standards or failed if they don't. This process verifies proper vetting and ongoing monitoring of cloud accounts.
    • Manages verification tasks: Accesses and reviews verification tasks associated with cloud accounts. Following review, the administrator can certify tasks to indicate their successful completion.

    How they work together

    Table 2. Cloud Account Management groups and responsibilities
    Group: ITOM Cloud Account Management requester group
    Role: sn_itom_cam.cw_requester
    Responsibilities:
    • Initiates cloud account requests: Triggers the process for creating cloud accounts and provides the information for creating the account.
    • Manages account status: Requests suspension or reactivation of cloud accounts.

    Group: ITOM Cloud Account Management approver group
    Role: sn_itom_cam.cw_approver
    Responsibilities:
    • Evaluates and approves account requests.
    • Verifies budgetary compliance of requested cloud accounts and alignment with available budgetary resources.

    Group: ITOM Cloud Account Management certifier group
    Role: sn_itom_cam.cw_certifier
    Responsibilities:
    • Certifies discovered accounts.
    • Accesses and reviews verification tasks associated with cloud accounts.

    Group: ITOM Cloud Account Management admin group
    Role: sn_itom_cam.cw_admin
    Responsibilities:
    • Verifies that Cloud Account Management configurations are consistent and aligned with both cloud provider configurations and Terraform configurations.
    • Provisions cloud accounts.
    • Troubleshoots provisioning issues: Diagnoses and resolves any problems encountered during cloud account provisioning.
    • Customizes data certification policies to meet specific organizational requirements.
    • Oversees all cloud accounts, including CW-managed and on-boarded accounts, guaranteeing centralized control and visibility.

    To return to the main topic, see Exploring Cloud Account Management.