Roles installed with Operational Resilience

Yokohama Governance, Risk, and Compliance

Release

yokohama

ft:locale

en-US

ft:publication_title

Yokohama Governance, Risk, and Compliance

ft:clusterId

grc

bundleId

grc

workflow

Technology

Roles installed with Operational Resilience

Release version: Yokohama

Updated July 31, 2025

4 minutes to read

Summarize

Summarized using AI

Summary of Roles installed with Operational Resilience

The Operational Resilience application in ServiceNow includes several predefined roles designed to manage operational resilience, business continuity management (BCM), and integrated risk management (IRM). These roles enable users to configure scenarios, review reports, manage vulnerabilities, and access specialized workspaces depending on their responsibilities. Understanding these roles helps organizations assign proper permissions and streamline operational resilience activities.

Show full answer Show less

Key Roles and Responsibilities

Operational Resilience Administrator ([snoperres.admin]): Configures scenarios, entity types, filters, and reporting pillars; customizes dashboards; requires ITIL role for CMDB relationships; includes several admin-level roles for governance and vulnerability management.
Operational Resilience Manager ([snoperres.manager]): Oversees operational resilience using dashboards and reports; includes roles for case management and risk review.
Operational Resilience User ([snoperres.user]): Reviews dashboards and supporting data; completes impact tolerance and test plans; accesses vulnerability response data; can submit operational vulnerability reports.
BCM and Operational Resilience Roles: Comprise Administrator, Manager, and User roles with permissions to access both Operational Resilience and BCM workspaces, depending on the role level. The User role can view BCM UIB Workspace but not IRM data.
IRM Operational Resilience Roles: Include Administrator, Manager, and User roles focused on operational resilience within IRM, excluding access to BCM reports and data. These roles include compliance and risk reader permissions when applicable.
Incident Reporting Roles: Roles such as Digital Resilience Incident Admin, Manager, and User support the reporting and management of digital resilience incidents.

Role Families and Lite Apps

When Lite applications for BCM or IRM are installed, specific roles like snoperres.bcmopresuser and snoperres.irmopresuser become Lite operators. These roles allow access to corresponding Operational Resilience and BCM Configurable Workspaces but may restrict access to full Compliance or Risk Workspaces unless additional roles are assigned.

Workspace Access

Operational Resilience and BCM Configurable Workspace access is granted to users with BCM Operational Resilience roles.
Operational Resilience Workspace access is available for IRM Operational Resilience roles.
Risk and Compliance Workspaces require specific risk and compliance manager or analyst roles.

Plugin Dependencies

BCM Professional: Requires Business Continuity Planning, Business Impact Analysis, Crisis Management, and Data Relationships Framework applications. Vulnerability Response is optional.
IRM Professional: Requires Advanced Risk Assessment, Data Relationships Framework, Policy and Compliance Management, and Risk Management applications. Vulnerability Response is optional.

Practical Implications for ServiceNow Customers

Assigning the correct Operational Resilience roles ensures that users have appropriate access to configure scenarios, manage risks, view dashboards, and report incidents effectively. Understanding the distinctions between BCM and IRM roles, especially under Lite app installations, allows customers to tailor permissions to organizational needs. Additionally, awareness of plugin dependencies helps in planning installations and upgrades for full functionality within Operational Resilience.

Several types of roles are installed with the Operational Resilience application.

Roles that are installed with Operational Resilience

Note:

For more information on roles and FAQs, see KB0555605.

Table 1. Roles installed with Operational Resilience
Role name	Description
Operational Resilience administrator [sn_oper_res.admin]	The Operational Resilience administrator is responsible for: Configuring scenarios Setting up entity types, entity filters, and reporting pillars based on dashboard requests from the business teams. Customizing reports on the Operational Resilience dashboard. The Operational Resilience administrator should have the ITIL role to add the CMDB relationship between the service and the process. The Operational Resilience administrator role contains the following roles: sn_grc.admin sn_oper_res.manager Contains sn_grc_case_mgmt.grc_case_admin, who inherits the ability to set up the vulnerability type, state models, vulnerability assessment templates, and document templates.
Operational Resilience Manager [sn_oper_res.manager]	The Operational Resilience Manager is responsible for: Ensuring operational resilience in the organization using the dashboards and reports Reviewing reports on the Operational Resilience dashboard, as well as supporting data. The Operational Resilience Manager role contains the following roles: sn_grc.manager sn_compliance.reader sn_oper_res.user sn_risk.reader Contains sn_grc_case_mgmt.grc_case_manager, who inherits the ability to submit operational vulnerability (A type of case).
Operational Resilience User [sn_oper_res.user]	The Operational Resilience User is responsible for: Reviewing reports on the Operational Resilience dashboard, as well as supporting data. Completing impact tolerance and test plans for individuals assigned to the service impact analysis. The Operational Resilience User can access the Vulnerability Response data. The Operational Resilience User role contains the following roles: sn_incident.read sn_grc.reader task_editor Contains sn_grc_case_mgmt.grc_case_business_user, who can be assigned tasks or issues in the operational vulnerability.
sn_oper_res.operational_resilience_business_user	Submits "Report operational vulnerability" from the employee center from: instancename/esc?id=emp_taxonomy_topic&topic_id=14aedd93a314121051b1ab18951e6150&in_context=true
BCM and Operational Resilience Administrator [sn_oper_res.bcm_opres_admin]	The BCM and Operational Resilience Administrator role contains the following roles: sn_oper_res.bcm_opres_manager sn_oper_res.admin
BCM and Operational Resilience Manager [sn_oper_res.bcm_opres_manager]	The BCM and Operational Resilience Manager role contains the following roles: sn_oper_res.bcm_opres_user sn_oper_res.manager
BCM and Operational Resilience User [sn_oper_res.bcm_opres_user]	The BCM and Operational Resilience User role has the following permissions: Can read the BCM UIB Workspace. Cannot access the IRM reports or data. The BCM and Operational Resilience User role contains the following roles: sn_bcm.viewer sn_oper_res.user
IRM Operational Resilience User [sn_oper_res.irm_opres_user]	The Integrated Risk Management (IRM) Operational Resilience User role cannot access the BCM reports and data. It contains: sn_grc.reader sn_oper_res.user The following user roles are contained only when policy and compliance management and risk management are installed: sn_compliance.reader sn_risk.reader
IRM Operational Resilience Administrator [sn_oper_res.irm_opres_admin]	The IRM Operational Resilience Administrator role contains the following roles: sn_oper_res.irm_opres_manager sn_oper_res.admin
IRM Operational Resilience Manager [sn_oper_res.irm_opres_manager]	The IRM Operational Resilience Manager role contains the following roles: sn_oper_res.irm_opres_user sn_oper_res.manager

Table 2. Model types when Lite Apps are installed
Roles	Family	Comments
sn_oper_res.admin	IRM	None
sn_oper_res.manager	IRM	None
sn_oper_res.user	IRM	The sn_oper_res.user role is required to access Vulnerability profile records.
New roles introduced
sn_oper_res.bcm_opres_admin	BCM	The sn_bcm.viewer role is required to access the BCM Configurable Workspace. A user with the sn_oper_res.bcm_opres_user+ role can access both Operational Resilience Workspace and BCM Configurable Workspace.
sn_oper_res.bcm_opres_manager	BCM
sn_oper_res.bcm_opres_user	BCM
sn_oper_res.irm_opres_admin	IRM	A user with the sn_oper_res.irm_opres_user+ role can access the Operational Resilience Workspace, but cannot access the Compliance Workspace and Risk Workspace. Extra roles are needed to access the Compliance Workspace and Risk Workspace.
sn_oper_res.irm_opres_manager	IRM
sn_oper_res.irm_opres_user	IRM

Roles created for BCM Professional and IRM Professional

The following roles are created for the BCM Professional users:
Note:
When the app-grc-bcm-lite applications are not installed, the users with these roles are counted as operators.
- sn_oper_res.bcm_opres_admin
- sn_oper_res.bcm_opres_manager
- sn_oper_res.bcm_opres_user
The following roles are created for the IRM Professional users:
Note:
When the app-grc-bcm-lite applications are not installed, the users with these roles are counted as operators.
- sn_oper_res.irm_opres_admin
- sn_oper_res.irm_opres_manager
- sn_oper_res.irm_opres_user
When the following Lite applications are installed, the users with the sn_oper_res.bcm_opres_user, sn_oper_res.irm_opres_user, or sn_oper_res.user roles are counted as Lite operators.
- BCM Lite application: app-grc-bcm-lite (Plugin id: com.snc.app_grc_bcm_lite)
- IRM Lite application: app-grc-business-user-lite (Plugin id: com.sn_grc_lite)
The sn_oper_res.admin, sn_oper_res.manager, and sn_oper_res.user roles are included in IRM.

Roles required for accessing the Workspaces

A user with one of the following roles can access the Operational Resilience Workspace and BCM Configurable Workspace:

sn_oper_res.bcm_opres_user
sn_oper_res.bcm_opres_manager
sn_oper_res.bcm_opres_admin

A user with any following role can access the Operational Resilience Workspace:

sn_oper_res.irm_opres_user
sn_oper_res.irm_opres_manager
sn_oper_res.irm_opres_admin

A user with one of the following roles can access the Risk Workspace:

sn_risk_workspace.business_op_risk_manager
sn_risk_workspace.IT_risk_manager
sn_risk_workspace.operatonal_risk_manager

A user with one of the following roles can access the Compliance Workspace:

sn_compliance_ws.corporate_compliance_analyst
sn_compliance_ws.corporate_compliance_manager
sn_compliance_ws.it_compliance_manager

Roles used for reporting the incidents

The following roles are used for reporting incidents in the Digital resilience incident reporting module.

Table 3. Roles used for reporting the incidents
Role	Description
sn_dri_inc_rptg.digital_resilience_incident_admin	Role for setting up administrative and Digital resilience incident activities.
sn_dri_inc_rptg.digital_resilience_incident_manager	Role for creating Operational Resilience and Digital resilience incident activities.
sn_dri_inc_rptg.digital_resilience_incident_user	Role for participating in Operational Resilience and Digital resilience incident activities.

Plugin dependencies for BCM Professional

For BCM Professional, the following mandatory applications are installed with Operational Resilience. BCM plugins.

Business Continuity Planning (com.snc.bcm.app_bcm_planning)
Business Impact Analysis (com.snc.bcm.app_bcm_bia)
Crisis Management (com.snc.bcm.app_bcm_exercise)
Data Relationships Framework (com.sn_app_grc_relationship_config)
Optional: Vulnerability Response (com.snc.vulnerability)

Plugin dependencies for IRM Professional

For IRM Professional, the following mandatory applications are installed with Operational Resilience. IRM plugins.

Advanced Risk Assessment (com.sn_risk_advanced)
Data Relationships Framework (com.sn_app_grc_relationship_config)
Policy and Compliance Management (com.sn_compliance)
Risk Management (com.sn_risk)
Optional: Vulnerability Response (com.snc.vulnerability)