AI Control Tower roles

  • Release version: Australia
  • Updated March 12, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of AI Control Tower roles

    The AI Control Tower roles provide a structured set of permissions for managing AI governance, risk, compliance, and asset lifecycle within ServiceNow. These roles enable organizations to adopt, configure, and oversee AI-related initiatives, ensuring adherence to policies and effective management of AI systems across the enterprise.

    Show full answer Show less

    Key Roles and Responsibilities

    • AI Steward: Responsible for configuring the AI Control Tower, adopting AI governance practices, managing AI assets, collaborating across teams, and approving AI-related requests. This role includes permissions for configuring third-party large language models, multi-instance management, and managing AI discovery and gateway settings.
    • AI Control Tower Workspace User: Manages AI assets and has exclusive access to the AI portfolio tab and home page.
    • AI Asset Owner: Ensures AI assets are accurately represented and kept up to date throughout their lifecycle, managing AI systems, models, datasets, and prompts.

    AI Risk and Compliance Roles

    These roles are installed with the AI Risk and Compliance application and provide capabilities to manage AI risk assessments, impact assessments, case management, and compliance tasks:

    • AI Risk and Compliance Admin: Sets up risk and impact assessment frameworks, configures methodologies and automation rules, manages AI case types, and controls entity-based access settings.
    • AI Risk and Compliance Manager: Manages AI systems’ lifecycle, initiates risk and impact assessments, control attestations, and manages bulk access configurations.
    • AI Risk and Compliance Analyst: Performs impact and risk assessments and manages AI systems lifecycle on assigned records.
    • AI Risk and Compliance Business User: Creates AI cases, works on assigned tasks, and performs control attestations.
    • AI Risk and Compliance Reader: Provides read-only access to AI systems and impact assessments.
    • AI System Reader: Provides read access to AI systems in both the AI Control Tower and AI Risk and Compliance workspaces.

    AI Case Management Roles

    • AI Case Business User: Can create AI cases and inquiries via the Employee Center.
    • AI Case Analyst: Reviews assigned AI cases and inquiries, identifies impacted areas, and manages related compliance risks.
    • AI Case Manager: Reviews all AI cases and inquiries along with associated information.
    • AI Case Admin: Manages AI case type profiles, sets assignment rules, and can delete AI cases.

    Practical Benefits for ServiceNow Customers

    Assigning these roles allows organizations to:

    • Effectively govern AI assets and initiatives with proper oversight and approval workflows.
    • Manage AI-related risks and compliance requirements through structured assessment and case management capabilities.
    • Ensure clear role segregation and controlled access to AI systems and data.
    • Collaborate cross-functionally to align AI practices with organizational policies.

    Understanding and applying these roles enables organizations to maximize the value of the AI Control Tower and AI Risk and Compliance applications while maintaining governance and compliance standards.

    Certain roles are installed along with the installation of the AI Control Tower.This section also covers roles which are installed with AI Risk and Compliance.

    Table 1. Roles and their descriptions
    Role title [name] Description Contains roles
    AI steward

    [sn_ai_governance.ai_steward]
    Note:
    The organization decides on assigning the AI steward role. By adding the users to the AI stewards group, allows user to have additional permissions related to playbook.

    The AI steward is responsible for:

    • Configuring AI Control Tower
    • Adoption of AI governance practices
    • Adoption of managing AI Control Tower and linking the AI asset Inventory
    • Execution of AI Control Tower initiatives
    • Understand the AI assets and AI Control Tower policies
    • Creating AI assets
    • Completing the AI asset lifecycle
    • Collaboration of cross-functional teams within the organization to confirm that the organization policies are adhered
    • Creating AI Control Tower Approval Playbook for Now Assist approvals.
    • Configure third-party LLMs and SLMs
    • Configure Multi-instance management
    • Add and edit a value template
    • Learning to use the access map
    • Approve or reject an approval request

    For AI discovery:

    • Activate or deactivate hyperscaler connections
    • Select the hyperscaler connections to discover agents and usage on-demand

    For AI Gateway:

    • Add an MCP server via AI Agent Studio
    • Set up MCP client connections
    • sn_nowassist_admin.user
    • sn_ai_governance.workspace_admin
    • sn_aia.admin
    • aig_admin
    • sn_mcp_client.admin
    • sn_align_core.apw_user- Can create, update, and delete portfolio plans, free-form road maps, and planning items
    • it_demand_manager- User who manages the inflow, screening and facilitates the prioritization of IT demands
    • it_project_manager- User of the project management application, and manager of IT projects
    • sn_apw_advanced.pf_user- Can create, view, update, and delete the Product Feedback records
    AI Control Tower Workspace user [sn_ai_governance_workspace_user]

    The AI Control Tower Workspace user is responsible for:

    • Own and manage the AI assets
    • Access the AI Control Tower home page
    • Exclusive access to the AI portfolio tab
    		 None
    AI asset owner [sn_ai_asset_mgmt.ai_asset_owner]

    The AI asset owner is responsible for:

    • Confirm that AI assets are represented accurately and kept up to date
    • Manage AI assets like AI systems, AI models, datasets, and prompts through their asset lifecycle from intake to retirement
    • Access My overview, Value, and Adoption tabs
    • Creating an AI asset from the AI Control Tower home page using Create AI Asset icon
    • Marking the deploy phase of the AI asset lifecycle task complete. If the AI asset gets deployed, then the state of the task doesn’t change anything automatically in the asset table or the asset governance details record
    		 None

    AI AI Risk and Compliance roles

    The AI Risk and Compliance application installs the essential role to perform respective day-to-day operational tasks for managing AI systems across the enterprise.

    Table 2. Roles and their descriptions
    Role title [name] Description Contains roles

    AI Risk and Compliance Admin

    [sn_grc_ai_gov.ai_risk_and_compliance_admin]

    		 ​The AI Risk and Compliance Admin can perform the following tasks:
    • Set up risk and impact assessment frameworks. Configure risk assessment methodologies, risk contribution factors, and impact assessment templates
    • Define automation rules for impact assessments to determine applicable risks and controls based on the assessment responses
    • Set up and profile AI case types
    • Delete AI systems.
    • Enable or disable Entity-Based Access for record types associated with entity properties, and configure the Entity-Based Access settings as needed.
      Note:
      GRC: Entity Based Access application must be installed to use this feature
    • sn_smart_asmt.template_manager
    • sn_grc_ai_gov.ai_risk_and_compliance_manager
    • sn_smart_asmt.assessment_admin
    • sn_grc_workspace.state_model_admin
    • sn_smart_asmt.template_contributor
    • sn_ai_case_mgmt.ai_case_admin
    • sn_reg_body_mgmt.writer
    • sn_risk_advanced.ara_admin
    • sn_rec_pg_vertical.admin
    • sn_grc_ent_access.admin
      Note:
      GRC: Entity Based Access application must be installed for this role to be available.

    AI Risk and Compliance Manager

    [sn_grc_ai_gov.ai_risk_and_compliance_manager]

    		 ​The AI Risk and Compliance Manager can access all AI systems on the system and perform the following tasks:​
    • Initiate impact assessments
    • Manage the life cycle of an AI system
    • Initiate risk assessments
    • Initiate control attestations
    • Write and update access to the bulk access update configuration.
      Note:
      GRC: Entity Based Access application must be installed to use this feature.
    • sn_grc_ai_gov.ai_risk_and_compliance_analyst
    • sn_smart_asmt.template_contributor
    • sn_smart_asmt.template_manager
    • sn_risk_advanced.risk_asmt_project_manager
    • sn_ai_case_mgmt.ai_case_manager
    • sn_grc_ent_access.bulk_access_config_admin
      Note:
      GRC: Entity Based Access application must be installed for this role to be available.

    AI Risk and Compliance Analyst

    [sn_grc_ai_gov.ai_risk_and_compliance_analyst]

    		 The AI Risk and Compliance Analyst can access all AI systems assigned to them in the system and perform the following tasks only on the assigned records:
    • Initiate impact assessments
    • Manage the life cycle of an AI system
    • Initiate risk assessments
    • Initiate control attestations
    • sn_ai_case_mgmt.ai_case_analyst
    • sn_smart_asmt.assessment_reader
    • sn_smart_asmt.template_reader
    • sn_grc_ai_gov.ai_risk_and_compliance_business_user
    • sn_grc_ai_gov.ai_risk_and_compliance_reader
    • sn_grc_workspace.user
    • sn_grc_workspace.state_model_reader
    • sn_risk_advanced.ara_creator
    • sn_risk_advanced.ara_assessor
    • sn_risk_advanced.ara_approver
    • sn_risk_advanced.risk_asmt_project_user

    AI Risk and Compliance Business User

    [sn_grc_ai_gov.ai_risk_and_compliance_business_user]

    		 The ​AI Risk and Compliance User can perform the following tasks:
    • Create AI case on the Employee Center
    • Work on the assigned tasks
    • Perform control attestations
    • sn_grc_workspace.assessment_template_configuration_reader
    • sn_smart_asmt.actor
    • sn_grc_workspace.user
    • sn_smart_asmt.assessment_reader
    • sn_risk_advanced.risk_asmt_project_reader
    Note:
    For more information on AI Control Tower roles, see AI Control Tower roles.

    AI Risk and Compliance Reader

    [sn_grc_ai_gov.ai_risk_and_compliance_reader]

    		 ​The AI Risk and Compliance Reader can have read access to the AI systems and AI impact assessments.
    • sn_grc_workspace.user
    • sn_grc_workspace.state_model_reader

    AI System Reader

    [sn_grc_ai_gov.ai_risk_and_compliance_ai_system_reader]

    		 ​The AI System Reader can have read access to the AI systems on AI Control Tower workspace and AI Risk and Compliance workspace.​ NA​

    AI Case Business User

    [sn_ai_case_mgmt.ai_case_business_user]

    		 The AI Case Business User can create ​AI case and AI inquiry on the Employee Center. sn_grc_case_mgmt.grc_case_business_user​

    AI Case Analyst

    [sn_ai_case_mgmt.ai_case_analyst]

    		 The AI Case Analyst can review the AI cases and AI inquiries assigned to them in the system and perform the following tasks only on the assigned records:
    • Identify and manage impacted and related areas such as policies, regulations, and enterprise-wide compliance risks
    • Identify and manage issues related to impacted areas to eliminate the root causes
    • sn_grc_case_mgmt.grc_case_analyst
    • sn_ai_case_mgmt.ai_case_business_user

    AI Case Manager

    [sn_ai_case_mgmt.ai_case_manager]

    		 The AI Case Manager can review all the AI cases, AI inquiries, and its associated information.
    • sn_ai_case_mgmt.ai_case_analyst
    • sn_grc_case_mgmt.grc_case_manager

    AI Case Admin

    [sn_ai_case_mgmt.ai_case_admin]

    		 The AI Case Admin can manage type profiles to segregate AI cases. They can set up assignment rules and delete AI cases.
    • sn_grc_case_mgmt.grc_case_admin
    • sn_ai_case_mgmt.ai_case_manager