Removing assignments from container vulnerable items and remediation tasks

  • Release version: Australia
  • Updated April 3, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Removing assignments from container vulnerable items and remediation tasks

    This feature enables you to clear theAssigned toandAssignment groupfields on container vulnerable items (CVITs) and remediation tasks (CVULs) when you find them incorrectly assigned to you or your groups. It helps ensure remediation responsibilities are accurately allocated and allows you to remove assignments from records that are outside your scope.

    Show full answer Show less

    The unassign workflow is accessible in both the workspace and classic views for CVITs and CVULs, and it can be used on records that are not in the Closed or Resolved state. You may also choose to send unassign requests for approval as part of this process.

    How the Unassign Process Works

    • When a request to clear assignment fields on a CVUL is approved, all CVITs linked to that CVUL with the same assignment group are also unassigned.
    • CVITs with assignment groups differing from their associated CVUL remain assigned, typically because they were manually assigned.
    • Updated records, whether changed manually or via the UI action, appear in the Unassigned module for Container Vulnerability Response.

    System Properties and Approval Workflow

    • The snvul.unassignvr.approvalrequired system property governs whether unassign actions require approval. By default, it triggers an approval workflow routing requests to users with the snvulcontainer.unassignapprover role.
    • Vulnerability administrators ([snvul.vulnerabilityadmin]) can disable the approval requirement by setting this property to false.
    • The snvul.defaultassignmentgroup system property lets you specify a default group to be assigned automatically whenever assignment fields are cleared. This ensures unassigned records are redirected to an appropriate group for review.
    • Changing the default assignment group means all unassigned VITs, AVITs, and CVITs trigger notifications to that specified group.

    Practical Benefits for ServiceNow Customers

    • Efficiently manage and correct assignment errors to maintain clear accountability for vulnerability remediation tasks.
    • Support governance by routing unassign requests through an approval process to prevent unauthorized changes.
    • Customize assignment flows using system properties to align with your organization's operational structure and notification needs.
    • Access flexibility with support for both workspace and classic interfaces, ensuring consistent unassign capabilities across your environment.

    You can clear the Assigned to and Assignment group fields on container vulnerable items directly from the container vulnerable item and remediation task records that you determine might be incorrectly assigned to you or your groups.

    Overview for the workflow

    If you determine that container vulnerable items (CVITs) and remediation tasks (CVULs) aren't within your scope for remediation, or if you think that records have been incorrectly assigned to you or to your groups, you can remove yourself or your groups from the Assigned to and Assignment group fields on CVIT and CVUL records.

    The unassign workflow is supported in workspace and both classic and workspace views for CVITs and CVULs.

    You have the option to send requests to clear the assignment fields for approval. See Approve or reject an unassign request in Vulnerability Response and Removing assignments from vulnerable items and remediation tasks for more information.

    • The Unassign UI action is displayed on CVIT and CVUL records in any state other than the Closed or Resolved.
      Note:
      After the request to clear the fields is approved for a CVUL, all the Assigned to and Assignment group fields on CVITs that have the same assignment group are unassigned. If any CVIT on a CVUL has a different assignment group than its associated CVUL, it is not unassigned. In most cases these CVITs have been manually assigned. See Removing assignments from vulnerable items and remediation tasks for more information.
    • Any records that you update with either the UI action or manually are displayed on the Unassigned module for Container Vulnerability Response.

    See Remove assignments from vulnerable items and remediation tasks for more information about the steps for how to clear the assignment fields.

    System properties and approval notifications

    If a remediation owner selects Unassign on a record, by default, the sn_vul.unassign_vr.approval_required system property triggers the approval flow and creates a state change approval record in the Review state, and the request is routed for approval. The request is displayed on the My Approvals list for users with the sn_vul_container.unassign_approver.

    Note:
    As a vulnerability administrator [sn_vul.vulnerability_admin], you can set the sn_vul.unassign_vr.approval_required system property to false to disable the approval process.

    Additionally, you can change the value in the sn_vul.default_assignment_group system property so if the assignment fields are cleared, a specific group is assigned. For example, if a user clicks Unassign on a record and you want to redirect it to a specific group for review, you can add the system ID for the group of your choice in the value field of the system property.

    Note:
    If you change this value, notifications for all the VITs, AVITs, and CVITs that are unassigned are sent to the group you specify.