GRC Feature roles

  • Freigeben Version: Australia
  • Aktualisiert 12. März 2026
  • 3 Minuten Lesedauer

    • GRC Feature roles are specialized roles that grant access to capabilities of specific GRC features or application areas.

    GRC Feature roles plugin

    Download and install the GRC Feature roles plugin (sn_grc_ftr_role) from the ServiceNow Store to granular obtain access to individual IRM features. GRC Feature roles provide access to individual Integrated Risk Management (IRM) capabilities, instead of granting access to the entire IRM feature set. This approach enables users for granular access to specific functionalities, such as Compliance Library, Policy Management, and Control Attestations and Monitoring. It also enables precise control over what is shared with non-IRM products.

    Feature sets

    GRC features are logically grouped into feature sets. Feature roles are associated with a specific feature set and provide access to the features available in that feature set.

    Non-IRM users can perform the following actions when assigned appropriate feature roles:
    • Library and Control feature set
      • Create and manage library objects such as authority documents, citations, and control objectives.
      • Associate entity and entity types to control objectives and generate controls.
      • Manage control workflows, monitor controls effectively using attestations and indicators, and generate issues.
    • Policy feature set
      • Create and manage policies and the policy lifecycle.
      • Create policy acknowledgments and policy exceptions.
    • Audit feature set

      Create and manage engagements, activities, and scoping entities within those engagements. This role also provides access to a lite version of audit workspace.

    • Evidence feature set

      Create and manage evidence requests, collection details, and evidence responses.

    Wichtig:
    GRC Feature roles uses the functional domain field on the individual record to identify the type of the record. Access to the record is restricted based on the functional domain enabling the required access to users who need it. For more information about functional domains, see Tagging records with functional domain.
    Tabelle : 1. GRC Feature roles
    Role Description
    sn_compliance.library_employee_reader

    [Employee Operator]

    		 Users with this role have read access to all library objects (Authority documents, Citation, Control objectives, Policies).
    sn_compliance.policy_exception_employee_user

    [Employee Operator]

    		 Users with this role have read access to library, implementation, and can request extension of a policy extension.
    sn_compliance.control_employee_reader

    [Employee Operator]

    		 Users with this role have read access to library, implementation objects like controls and control requirements.
    sn_compliance.policy_ack_employee_user

    [Employee Operator]

    		 Users with this role have read access to library, policies, and acknowledge policies.
    sn_grc.issue_employee_user

    [Employee Operator]

    		 Users with this role have read access to library, and policies.
    sn_grc.library_reader

    [Lite Operator]

    		 Users with this role have read access to entities, content, document, audience, audience filters.
    sn_grc.compliance_assurance_reader

    [Lite Operator]

    		 Users with this role have read access to item, issues, assessments, indicators, and indicator templates.
    sn_compliance.library_reader

    [Lite Operator]

    		 Users with this role have read access to Compliance Library (Authority Documents, Citations, Control Objectives, Policies).
    sn_compliance.control_framework_reader

    [Lite Operator]

    		 Users with this role have read access to controls and control requirements.
    sn_compliance.policy_reader

    [Lite Operator]

    		 Users with this role have read access to policies, policy exceptions, and policy acknowledgments.
    sn_grc.compliance_assurance_business_user

    [Lite Operator]

    		 Users with this role can create an issue, respond to indicator task, create remediation task, and associate issue to related objects.
    sn_compliance.control_framework_business_user

    [Lite Operator]

    		 Users with this role can associate impacted controls to policy exception.
    sn_compliance.policy_business_user

    [Lite Operator]

    		 Users with this role can request policy exception, extension, acknowledge policies, and contribute to policies.
    sn_grc.shared_configurator

    [Lite Operator]

    		 Users with this role have enable access to common functionalities irrespective of the feature set.
    sn_grc.library_user

    [Operator]

    		 Users with this role can associate document/content with related objects like information objects, issues, and entities.
    sn_grc.compliance_assurance_user

    [Operator]

    		 Users with this role can create item, define assessment grouping, associate item to entity/entity types, associate entity with content, document, indicator, and indicator templates.
    sn_compliance.library_user

    [Operator]

    		 Users with this role can create control objectives and policies.
    sn_compliance.control_framework_user

    [Operator]

    		 Users with this role can create controls, control requirements, and associate controls to entities.
    sn_compliance.policy_user

    [Operator]

    		 Users with this role can create policies, acknowledgment campaign, and define policy exception related records.
    sn_grc.library_manager

    [Operator]

    		 Users with this role can create content, document, audience, indicator templates, entity, and entity types.
    sn_grc.control_framework_manager

    [Operator]

    		 Users with this role can manage item, associate items to related objects, create indicators, supporting data, associate indicator to related objects, attestation designer, types, grouping criteria, associate control objectives to indicator templates, entities, and entity types.
    sn_compliance.library_manager

    [Operator]

    		 Users with this role can create authority documents, citations, control objectives, policies, and associate library to taxonomy
    sn_compliance.policy_mgr

    [Operator]

    		 Users with this role can manage compliance library objects, perform policy lifecycle, configure exception reasons, define policy exception approval rules, and configure dynamic approval rules.
    sn_grc.library_admin

    [Operator]

    		 Users with this role can delete or deactivate library.
    sn_grc.compliance_assurance_admin

    [Operator]

    		 Users with this role can delete indicator, item, assessment criteria, and create or delete functional domain registry records.
    sn_compliance.library_admin

    [Operator]

    		 Users with this role can delete or deactivate library.
    sn_compliance.control_framework_admin

    [Operator]

    		 Users with this role can delete control, control requirements, create association between control to control objectives and compliance score record.
    sn_compliance.policy_admin

    [Operator]

    		 Users with this role can delete policy, acknowledge campaign, policy, and policy exception.