Removing assignments from Configuration Compliance remediation tasks

  • Release version: Xanadu
  • Updated May 29, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Removing assignments from Configuration Compliance remediation tasks

    ServiceNow customers managing Configuration Compliance remediation tasks can now clear theAssigned toandAssignment groupfields directly from remediation tasks and their associated test result records. This feature is useful when remediation tasks (RTs) or test results have been incorrectly assigned or fall outside the scope of your or your group's responsibilities.

    Show full answer Show less

    The Unassign button is available on remediation tasks and test results in any state other than Closed or Resolved. Selecting this button prompts an action that reassigns all associated test results and updates their assignment type to Unassigned, except for test results manually assigned to different groups.

    Key Features

    • Unassign capability: Allows remediation owners to remove themselves or their groups from task assignments easily via the Unassign button.
    • System properties and approval workflow: By default, unassigning triggers an approval process for users with the snvulc.vulnerabilityadmin role, controlled by the snvulc.unassigntestresultgroup.approvalrequired system property.
    • Customizable assignment post-unassign: The snvulc.defaultassignmentgroup system property lets administrators specify a default group to assign tasks after unassignment, or clear the fields to leave tasks unassigned.
    • Notification management: If no default group is configured, users in the Unassign notification group are alerted, governed by snvulc.defaultnotificationgroup.
    • Monitoring via scheduled job: A daily job tracks RTs transitioning to the Unassigned state and counts manual and automatic unassignments, helping vulnerability analysts monitor and adjust assignment rules effectively.
    • Assignment rule insights: The reassignment counts appear on the Vulnerability Assignment Rules list, enabling administrators to identify poorly performing rules and review original rule assignments for reassigned RTs.

    Practical Benefits

    • Empowers remediation owners to correct assignment errors without administrative overhead.
    • Supports governance by requiring approvals for unassignments, which can be disabled if desired.
    • Enhances workflow flexibility by allowing automatic reassignment to specific groups or leaving tasks unassigned.
    • Improves visibility and management of assignment rules through automated tracking and reporting.

    Next Steps for Customers

    • Use the Unassign button on remediation tasks and test results when you identify incorrect assignments.
    • For administrators, configure the relevant system properties to tailor approval requirements, default assignment groups, and notification groups according to your organizational policies.
    • Monitor reassignment counts regularly via the Vulnerability Assignment Rules list to optimize assignment rules and reduce unassigned remediation tasks.
    • Refer to the Unassigned module under Configuration Compliance to review and reassign unassigned remediation tasks as needed.

    You can clear the Assigned to and Assignment group fields on remediation tasks and their associated test results directly from the test result records and remediation tasks that you determine might be incorrectly assigned to you or your groups.

    Overview of the workflow

    Remediation owners can update records for reassignment with the Unassign button.

    Use case for sn_vulc.remediation_owner

    If you determine that RTs and their associated test results aren't within your scope for remediation, or if you think that records have been incorrectly assigned to you or to your groups, you can remove yourself or your groups from the Assigned to and Assignment group fields on those remediation task records.

    Unassign module

    The Unassign button is displayed on the remediation task and test result records in any state other than the Closed or Resolved states.

    If you select Unassign, you are prompted that all the associated test results with the remediation task are reassigned and transition to the Unassigned assignment type.
    Note:
    If any test result on a remediation task has a different assignment group than its remediation task, it is not unassigned. In most cases, these test results have been manually assigned.

    Any records that you update with either the UI button or manually, are displayed on the Unassigned module under Configuration Compliance.

    For the steps to reassign records using the Unassigned UI action, see Remove assignments from remediation tasks for you or your groups.

    System property and notifications

    If you are an administrator with the sn_vulc.vulnerability_admin role, when you select Unassign on a record, by default, the system property, sn_vulc.unassign_test_result_group.approval_required triggers the State Change Approval record and Requested Approval record. Also, the request displays in the My Approvals list of the approver.

    Note:
    As a vulnerability administrator, you can set the sn_vulc.unassign_test_result_group.approval_required system property to false to disable the approval process.
    • If the approver approves your request, by default, the system property, sn_vulc.default_assignment_group clears the Assigned to and Assignment group fields, and populates the Assignment type field with Unassigned. As a vulnerability administrator, you can change the value in the sn_vulc.default_assignment_group system property so that the assignment fields are cleared and a specific group is then assigned. For example, if a user selects Unassign on a record and you want to redirect it to a specific group for review, you can add a system ID for the group of your choice in the value field of the system property.
    • If the approver rejects your request, the reason for rejection displays on the Notes tab.

    Alternatively, if sn_vulc.default_assignment_group is not configured for a specific group, by default, users that you add to the Unassign notification user group are alerted when records are unassigned. The system property, sn_vulc.default_notification_group determines the notifications to this group.

    The assignment type, whether it's Manual, Rule, or Unassigned, is available from the RT records and the list view. The Unassigned assignment type is displayed after the Assigned to and Assignment group fields are cleared by the system property of the feature.

    Monitoring your assignment rules with the scheduled job for this feature

    A daily scheduled job counts the records when they transition to the Unassigned assignment type. With this count, vulnerability analysts can monitor and adjust any assignment rules that might not be performing well based on any assignment rules that have higher counts of unassigned RTs.

    The Reassignment count for assignment rules scheduled job runs daily and posts the total number of RTs that are unassigned by this feature for a particular assignment rule.

    The job also counts any records that are manually unassigned. Both the manual counts and the counts that are gathered by this feature are posted on the Vulnerability Assignment Rules list in two columns: Reassignment count - manual items and Reassignment count - unassigned items.

    Reassignment count for an assignment rule for remediation task.

    1. As a vulnerability administrator, you can view these counts by navigating to Configuration Compliance > Administration > Assignment Rules.
    2. Select the gear icon in the upper right of the list and select the Reassignment count - manual items, and Reassignment count - unassigned items for display.
    3. Any RT that was originally assigned by a rule but later was automatically or manually reassigned, contains a reference to the original rule in the list view.