Roles installed with Operational Resilience

  • Release version: Australia
  • Updated May 30, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Roles installed with Operational Resilience

    Operational Resilience in ServiceNow comes with various pre-defined roles tailored to manage and support operational continuity, risk, and compliance activities. These roles ensure appropriate access and responsibilities for administrators, managers, and users across different modules, including BCM (Business Continuity Management) and IRM (Integrated Risk Management).

    Show full answer Show less

    Key Roles and Their Responsibilities

    • Operational Resilience Administrator [snoperres.admin]: Configures scenarios, entity types, filters, and customizes dashboards. Requires ITIL role for CMDB relationship management. Contains administrative and case management roles.
    • Operational Resilience Manager [snoperres.manager]: Oversees operational resilience using dashboards and reports, with roles for case management and risk reading.
    • Operational Resilience User [snoperres.user]: Reviews reports, completes impact tolerance and test plans, and accesses vulnerability response data. Can submit operational vulnerability reports via the employee center.
    • BCM and Operational Resilience Roles [snoperres.bcmopres]: These roles (Admin, Manager, User) provide combined access to BCM Configurable Workspace and Operational Resilience Workspace, with the User role limited to BCM viewing and operational resilience usage.
    • IRM Operational Resilience Roles [snoperres.irmopres]: Roles designed for IRM users who access Operational Resilience Workspace but have restricted access to BCM or Compliance and Risk Workspaces, depending on the role level.
    • Incident Reporting Roles [sndriincrptg.]: Includes admin, manager, and user roles for managing and participating in digital resilience incident activities.

    Role Families and Lite App Integration

    When Lite applications for BCM and IRM are installed, corresponding Operational Resilience roles are adjusted as Lite operators. These roles allow access to specific workspaces and limit access to full professional capabilities. The roles integrate with permissions required to use BCM and IRM features efficiently.

    Access to Workspaces

    • Operational Resilience Workspace and BCM Configurable Workspace: Accessible to BCM Operational Resilience User, Manager, and Admin roles.
    • Operational Resilience Workspace: Accessible to IRM Operational Resilience User, Manager, and Admin roles.
    • Risk Workspace: Access granted to specific risk management roles.
    • Compliance Workspace: Access granted to defined compliance analyst and manager roles.

    Plugin Dependencies

    • BCM Professional: Requires Business Continuity Planning, Business Impact Analysis, Crisis Management, and Data Relationships Framework applications. Vulnerability Response is optional. BCM Professional users do not have access to IRM roles (sngrc.reader, sngrc.manager, sngrc.admin).
    • IRM Professional: Requires Advanced Risk Assessment, Data Relationships Framework, Policy and Compliance Management, and Risk Management applications. Vulnerability Response is optional. Installing these plugins grants access to the full range of IRM-related roles including sngrc.reader, sngrc.manager, and sngrc.admin.

    Practical Considerations for ServiceNow Customers

    • Assign roles based on user responsibilities to ensure proper access to Operational Resilience and BCM or IRM capabilities.
    • For users needing to configure or manage dashboards and scenarios, assign the Operational Resilience Administrator role with ITIL privileges.
    • Ensure the correct plugins are installed to enable role capabilities, especially when transitioning between BCM and IRM Professional versions.
    • Leverage Lite roles if using the Lite applications to optimize licensing and access control.
    • Use incident reporting roles to control participation and management of digital resilience incidents.

    Several types of roles are installed with the Operational Resilience application.

    Roles that are installed with Operational Resilience

    Note:
    For more information on roles and FAQs, see KB0555605.
    Table 1. Roles installed with Operational Resilience
    Role name Description
    Operational Resilience administrator

    [sn_oper_res.admin]

    		 The Operational Resilience administrator is responsible for:
    • Configuring scenarios
    • Setting up entity types, entity filters, and reporting pillars based on dashboard requests from the business teams.
    • Customizing reports on the Operational Resilience dashboard.

    The Operational Resilience administrator should have the ITIL role to add the CMDB relationship between the service and the process.

    The Operational Resilience administrator role contains the following roles:
    • sn_grc.admin
    • sn_oper_res.manager
    • Contains sn_grc_case_mgmt.grc_case_admin, who inherits the ability to set up the vulnerability type, state models, vulnerability assessment templates, and document templates.
    Operational Resilience Manager

    [sn_oper_res.manager]

    		 The Operational Resilience Manager is responsible for:
    • Ensuring operational resilience in the organization using the dashboards and reports
    • Reviewing reports on the Operational Resilience dashboard, as well as supporting data.
    The Operational Resilience Manager role contains the following roles:
    • sn_grc.manager
    • sn_compliance.reader
    • sn_oper_res.user
    • sn_risk.reader
    • Contains sn_grc_case_mgmt.grc_case_manager, who inherits the ability to submit operational vulnerability (A type of case).
    Operational Resilience User

    [sn_oper_res.user]

    		 The Operational Resilience User is responsible for:
    • Reviewing reports on the Operational Resilience dashboard, as well as supporting data.
    • Completing impact tolerance and test plans for individuals assigned to the service impact analysis.

    The Operational Resilience User can access the Vulnerability Response data.

    The Operational Resilience User role contains the following roles:
    • sn_incident.read
    • sn_grc.reader
    • task_editor
    • Contains sn_grc_case_mgmt.grc_case_business_user, who can be assigned tasks or issues in the operational vulnerability.
    sn_oper_res.operational_resilience_business_user

    Submits "Report operational vulnerability" from the employee center from: instancename/esc?id=emp_taxonomy_topic&topic_id=14aedd93a314121051b1ab18951e6150&in_context=true
    BCM and Operational Resilience Administrator [sn_oper_res.bcm_opres_admin] The BCM and Operational Resilience Administrator role contains the following roles:
    • sn_oper_res.bcm_opres_manager
    • sn_oper_res.admin
    BCM and Operational Resilience Manager [sn_oper_res.bcm_opres_manager] The BCM and Operational Resilience Manager role contains the following roles:
    • sn_oper_res.bcm_opres_user
    • sn_oper_res.manager
    BCM and Operational Resilience User [sn_oper_res.bcm_opres_user] The BCM and Operational Resilience User role has the following permissions:
    • Can read the BCM UIB Workspace.
    • Cannot access the IRM reports or data.
    The BCM and Operational Resilience User role contains the following roles:
    • sn_bcm.viewer
    • sn_oper_res.user
    IRM Operational Resilience User [sn_oper_res.irm_opres_user]
    The Integrated Risk Management (IRM) Operational Resilience User role cannot access the BCM reports and data. It contains:
    • sn_grc.reader
    • sn_oper_res.user
    The following user roles are contained only when policy and compliance management and risk management are installed:
    • sn_compliance.reader
    • sn_risk.reader
    IRM Operational Resilience Administrator [sn_oper_res.irm_opres_admin] The IRM Operational Resilience Administrator role contains the following roles:
    • sn_oper_res.irm_opres_manager
    • sn_oper_res.admin
    IRM Operational Resilience Manager [sn_oper_res.irm_opres_manager] The IRM Operational Resilience Manager role contains the following roles:
    • sn_oper_res.irm_opres_user
    • sn_oper_res.manager
    Table 2. Model types when Lite Apps are installed
    Roles

    Family

    		 Comments
    sn_oper_res.admin IRM None
    sn_oper_res.manager IRM None
    sn_oper_res.user IRM The sn_oper_res.user role is required to access Vulnerability profile records.
    New roles introduced
    sn_oper_res.bcm_opres_admin BCM

    The sn_bcm.viewer role is required to access the BCM Configurable Workspace.​

    A user with the sn_oper_res.bcm_opres_user+ role can access both Operational Resilience Workspace and BCM Configurable Workspace.
    sn_oper_res.bcm_opres_manager BCM
    sn_oper_res.bcm_opres_user BCM
    sn_oper_res.irm_opres_admin IRM

    A user with the sn_oper_res.irm_opres_user+​ role can access the Operational Resilience Workspace, but cannot access the Compliance Workspace and Risk Workspace. ​

    Extra roles are needed to access the Compliance Workspace and Risk Workspace.
    sn_oper_res.irm_opres_manager IRM
    sn_oper_res.irm_opres_user IRM

    Roles created for BCM Professional and IRM Professional

    • The following roles are created for the BCM Professional users:
      Note:
      When the app-grc-bcm-lite applications are not installed, the users with these roles are counted as operators.
      • sn_oper_res.bcm_opres_admin
      • sn_oper_res.bcm_opres_manager
      • sn_oper_res.bcm_opres_user
    • The following roles are created for the IRM Professional users:
      Note:
      When the app-grc-bcm-lite applications are not installed, the users with these roles are counted as operators.
      • sn_oper_res.irm_opres_admin
      • sn_oper_res.irm_opres_manager
      • sn_oper_res.irm_opres_user​
    • When the following Lite applications are installed, the users with the sn_oper_res.bcm_opres_user, sn_oper_res.irm_opres_user, or sn_oper_res.user roles are counted as Lite operators.
      • BCM Lite application: app-grc-bcm-lite (Plugin id: com.snc.app_grc_bcm_lite)​
      • IRM Lite application: app-grc-business-user-lite (Plugin id: com.sn_grc_lite)​
    • The sn_oper_res.admin, sn_oper_res.manager, and sn_oper_res.user roles are included in IRM.
    Note:
    Starting with Operational Resilience, version 22.3.1, the sn_grc.reader, sn_grc.manager, and sn_grc.admin roles require the IRM Professional plugins and are no longer granted through BCM Professional. If you previously accessed these roles through BCM Professional, you can use them only after the IRM Professional plugins are installed.

    Roles required for accessing the Workspaces

    A user with one of the following roles can access the Operational Resilience Workspace and BCM Configurable Workspace:
    • sn_oper_res.bcm_opres_user​
    • sn_oper_res.bcm_opres_manager​
    • sn_oper_res.bcm_opres_admin
    ​A user with any following role can access the Operational Resilience Workspace:
    • sn_oper_res.irm_opres_user
    • sn_oper_res.irm_opres_manager
    • sn_oper_res.irm_opres_admin
    A user with one of the following roles can access the Risk Workspace:
    • sn_risk_workspace.business_op_risk_manager​
    • sn_risk_workspace.IT_risk_manager​
    • sn_risk_workspace.operational_risk_manager​
    A user with one of the following roles can access the Compliance Workspace:
    • sn_compliance_ws.corporate_compliance_analyst​
    • sn_compliance_ws.corporate_compliance_manager​
    • sn_compliance_ws.it_compliance_manager​

    Roles used for reporting the incidents

    The following roles are used for reporting incidents in the Digital resilience incident reporting module.
    Table 3. Roles used for reporting the incidents
    Role Description
    sn_dri_inc_rptg.digital_resilience_incident_admin Role for setting up administrative and Digital resilience incident activities.
    sn_dri_inc_rptg.digital_resilience_incident_manager Role for creating Operational Resilience and Digital resilience incident activities.
    sn_dri_inc_rptg.digital_resilience_incident_user Role for participating in Operational Resilience and Digital resilience incident activities.

    Plugin dependencies for BCM Professional

    For BCM Professional, the following mandatory applications are installed with Operational Resilience.
    • Business Continuity Planning (com.snc.bcm.app_bcm_planning)
    • Business Impact Analysis (com.snc.bcm.app_bcm_bia)
    • Crisis Management (com.snc.bcm.app_bcm_exercise)
    • Data Relationships Framework (com.sn_app_grc_relationship_config)
    • Optional: Vulnerability Response (com.snc.vulnerability)
    Note:
    BCM Professional customers cannot install the IRM plugins. As a result, the sn_grc.reader, sn_grc.manager, and sn_grc.admin roles are not available with BCM Professional. To obtain these roles, install the IRM Professional plugins as described in the "Plugin dependencies for IRM Professional" section. User can perform the same Operational Resilience operations previously available through sn_grc.reader, sn_grc.manager, and sn_grc.admin roles via feature roles.

    Plugin dependencies for IRM Professional

    For IRM Professional, the following applications are required and must be installed manually with Operational Resilience.
    • Advanced Risk Assessment (com.sn_risk_advanced)
    • Data Relationships Framework (com.sn_app_grc_relationship_config)
    • Policy and Compliance Management (com.sn_compliance)
    • Risk Management (com.sn_risk)
    • Optional: Vulnerability Response (com.snc.vulnerability)
    Note:
    Installing the IRM Professional plugins also grants the sn_grc.reader, sn_grc.manager, and sn_grc.admin roles.