AI Control Tower roles

  • Release version: Yokohama
  • Updated March 12, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of AI Control Tower roles

    The AI Control Tower roles are designed to support the governance, management, and risk compliance of AI systems within an enterprise using ServiceNow. These roles are installed with the AI Control Tower and AI Risk and Compliance applications, enabling organizations to manage AI assets, enforce policies, conduct risk assessments, and oversee AI cases effectively.

    Show full answer Show less

    AI Control Tower Roles

    • AI Steward: Assigned by the organization, this role has extensive permissions to configure and manage AI Control Tower initiatives, including AI asset lifecycle management, policy adherence, playbook creation, third-party LLM/SLM configuration, multi-instance management, and approval workflows. It also involves activating hyperscaler connections for AI discovery and managing AI Gateway MCP server settings.
    • AI Control Tower Workspace User: Responsible for owning and managing AI assets with exclusive access to the AI portfolio tab and the AI Control Tower homepage.
    • AI Asset Owner: Ensures AI assets are accurately represented and maintained throughout their lifecycle, manages AI systems, models, datasets, and prompts, and updates deployment phases. They have access to overview, value, and adoption tabs within the AI Control Tower.

    AI Risk and Compliance Roles

    • AI Risk and Compliance Admin: Manages setup of risk and impact assessment frameworks, configures methodologies and templates, defines automation rules, profiles AI case types, deletes AI systems, and manages entity-based access settings (requires GRC Entity Based Access application).
    • AI Risk and Compliance Manager: Has full access to AI systems, can initiate impact and risk assessments, manage AI system lifecycles, perform control attestations, and manage bulk access updates (requires GRC Entity Based Access application).
    • AI Risk and Compliance Analyst: Performs impact and risk assessments and manages AI system lifecycles on assigned records only.
    • AI Risk and Compliance Business User: Creates AI cases via Employee Center, works on assigned tasks, and performs control attestations.
    • AI Risk and Compliance Reader: Read-only access to AI systems and impact assessments.
    • AI System Reader: Read access to AI systems within both AI Control Tower and AI Risk and Compliance workspaces.

    AI Case Management Roles

    • AI Case Business User: Can create AI cases and inquiries from the Employee Center.
    • AI Case Analyst: Reviews assigned AI cases and inquiries, identifies impacted areas, compliance risks, and manages issue resolution.
    • AI Case Manager: Reviews all AI cases and inquiries along with associated information.
    • AI Case Admin: Manages AI case type profiles, sets up assignment rules, and can delete AI cases.

    Practical Implications for ServiceNow Customers

    Understanding and assigning these roles correctly ensures proper governance and lifecycle management of AI assets, risk and compliance assessments, and effective handling of AI-related cases within ServiceNow. The roles provide a framework to distribute responsibilities across organizational teams, enabling streamlined AI governance aligned with enterprise policies and regulatory requirements.

    Certain roles are installed along with the installation of the AI Control Tower.This section also covers roles which are installed with AI Risk and Compliance.

    Table 1. Roles and their descriptions
    Role title [name] Description Contains roles
    AI steward

    [sn_ai_governance.ai_steward]
    Note:
    The organization decides on assigning the AI steward role. By adding the users to the AI stewards group, allows user to have additional permissions related to playbook.

    The AI steward is responsible for:

    • Configuring AI Control Tower
    • Adoption of AI governance practices
    • Adoption of managing AI Control Tower and linking the AI asset Inventory
    • Execution of AI Control Tower initiatives
    • Understand the AI assets and AI Control Tower policies
    • Creating AI assets
    • Completing the AI asset lifecycle
    • Collaboration of cross-functional teams within the organization to confirm that the organization policies are adhered
    • Creating AI Control Tower Approval Playbook for Now Assist approvals.
    • Configure third-party LLMs and SLMs
    • Configure Multi-instance management
    • Add and edit a value template
    • Learning to use the access map
    • Approve or reject an approval request

    For AI discovery:

    • Activate or deactivate hyperscaler connections
    • Select the hyperscaler connections to discover agents and usage on-demand

    For AI Gateway:

    • Add an MCP server via AI Agent Studio
    • Set up MCP client connections
    • sn_nowassist_admin.user
    • sn_ai_governance.workspace_admin
    • sn_aia.admin
    • aig_admin
    • sn_mcp_client.admin
    • sn_align_core.apw_user- Can create, update, and delete portfolio plans, free-form road maps, and planning items
    • it_demand_manager- User who manages the inflow, screening and facilitates the prioritization of IT demands
    • it_project_manager- User of the project management application, and manager of IT projects
    • sn_apw_advanced.pf_user- Can create, view, update, and delete the Product Feedback records
    AI Control Tower Workspace user [sn_ai_governance_workspace_user]

    The AI Control Tower Workspace user is responsible for:

    • Own and manage the AI assets
    • Access the AI Control Tower home page
    • Exclusive access to the AI portfolio tab
    		 None
    AI asset owner [sn_ai_asset_mgmt.ai_asset_owner]

    The AI asset owner is responsible for:

    • Confirm that AI assets are represented accurately and kept up to date
    • Manage AI assets like AI systems, AI models, datasets, and prompts through their asset lifecycle from intake to retirement
    • Access My overview, Value, and Adoption tabs
    • Creating an AI asset from the AI Control Tower home page using Create AI Asset icon
    • Marking the deploy phase of the AI asset lifecycle task complete. If the AI asset gets deployed, then the state of the task doesn’t change anything automatically in the asset table or the asset governance details record
    		 None

    AI AI Risk and Compliance roles

    The AI Risk and Compliance application installs the essential role to perform respective day-to-day operational tasks for managing AI systems across the enterprise.

    Table 2. Roles and their descriptions
    Role title [name] Description Contains roles

    AI Risk and Compliance Admin

    [sn_grc_ai_gov.ai_risk_and_compliance_admin]

    		 ​The AI Risk and Compliance Admin can perform the following tasks:
    • Set up risk and impact assessment frameworks. Configure risk assessment methodologies, risk contribution factors, and impact assessment templates
    • Define automation rules for impact assessments to determine applicable risks and controls based on the assessment responses
    • Set up and profile AI case types
    • Delete AI systems.
    • Enable or disable Entity-Based Access for record types associated with entity properties, and configure the Entity-Based Access settings as needed.
      Note:
      GRC: Entity Based Access application must be installed to use this feature
    • sn_smart_asmt.template_manager
    • sn_grc_ai_gov.ai_risk_and_compliance_manager
    • sn_smart_asmt.assessment_admin
    • sn_grc_workspace.state_model_admin
    • sn_smart_asmt.template_contributor
    • sn_ai_case_mgmt.ai_case_admin
    • sn_reg_body_mgmt.writer
    • sn_risk_advanced.ara_admin
    • sn_rec_pg_vertical.admin
    • sn_grc_ent_access.admin
      Note:
      GRC: Entity Based Access application must be installed for this role to be available.

    AI Risk and Compliance Manager

    [sn_grc_ai_gov.ai_risk_and_compliance_manager]

    		 ​The AI Risk and Compliance Manager can access all AI systems on the system and perform the following tasks:​
    • Initiate impact assessments
    • Manage the life cycle of an AI system
    • Initiate risk assessments
    • Initiate control attestations
    • Write and update access to the bulk access update configuration.
      Note:
      GRC: Entity Based Access application must be installed to use this feature.
    • sn_grc_ai_gov.ai_risk_and_compliance_analyst
    • sn_smart_asmt.template_contributor
    • sn_smart_asmt.template_manager
    • sn_risk_advanced.risk_asmt_project_manager
    • sn_ai_case_mgmt.ai_case_manager
    • sn_grc_ent_access.bulk_access_config_admin
      Note:
      GRC: Entity Based Access application must be installed for this role to be available.

    AI Risk and Compliance Analyst

    [sn_grc_ai_gov.ai_risk_and_compliance_analyst]

    		 The AI Risk and Compliance Analyst can access all AI systems assigned to them in the system and perform the following tasks only on the assigned records:
    • Initiate impact assessments
    • Manage the life cycle of an AI system
    • Initiate risk assessments
    • Initiate control attestations
    • sn_ai_case_mgmt.ai_case_analyst
    • sn_smart_asmt.assessment_reader
    • sn_smart_asmt.template_reader
    • sn_grc_ai_gov.ai_risk_and_compliance_business_user
    • sn_grc_ai_gov.ai_risk_and_compliance_reader
    • sn_grc_workspace.user
    • sn_grc_workspace.state_model_reader
    • sn_risk_advanced.ara_creator
    • sn_risk_advanced.ara_assessor
    • sn_risk_advanced.ara_approver
    • sn_risk_advanced.risk_asmt_project_user

    AI Risk and Compliance Business User

    [sn_grc_ai_gov.ai_risk_and_compliance_business_user]

    		 The ​AI Risk and Compliance User can perform the following tasks:
    • Create AI case on the Employee Center
    • Work on the assigned tasks
    • Perform control attestations
    • sn_grc_workspace.assessment_template_configuration_reader
    • sn_smart_asmt.actor
    • sn_grc_workspace.user
    • sn_smart_asmt.assessment_reader
    • sn_risk_advanced.risk_asmt_project_reader
    Note:
    For more information on AI Control Tower roles, see AI Control Tower roles.

    AI Risk and Compliance Reader

    [sn_grc_ai_gov.ai_risk_and_compliance_reader]

    		 ​The AI Risk and Compliance Reader can have read access to the AI systems and AI impact assessments.
    • sn_grc_workspace.user
    • sn_grc_workspace.state_model_reader

    AI System Reader

    [sn_grc_ai_gov.ai_risk_and_compliance_ai_system_reader]

    		 ​The AI System Reader can have read access to the AI systems on AI Control Tower workspace and AI Risk and Compliance workspace.​ NA​

    AI Case Business User

    [sn_ai_case_mgmt.ai_case_business_user]

    		 The AI Case Business User can create ​AI case and AI inquiry on the Employee Center. sn_grc_case_mgmt.grc_case_business_user​

    AI Case Analyst

    [sn_ai_case_mgmt.ai_case_analyst]

    		 The AI Case Analyst can review the AI cases and AI inquiries assigned to them in the system and perform the following tasks only on the assigned records:
    • Identify and manage impacted and related areas such as policies, regulations, and enterprise-wide compliance risks
    • Identify and manage issues related to impacted areas to eliminate the root causes
    • sn_grc_case_mgmt.grc_case_analyst
    • sn_ai_case_mgmt.ai_case_business_user

    AI Case Manager

    [sn_ai_case_mgmt.ai_case_manager]

    		 The AI Case Manager can review all the AI cases, AI inquiries, and its associated information.
    • sn_ai_case_mgmt.ai_case_analyst
    • sn_grc_case_mgmt.grc_case_manager

    AI Case Admin

    [sn_ai_case_mgmt.ai_case_admin]

    		 The AI Case Admin can manage type profiles to segregate AI cases. They can set up assignment rules and delete AI cases.
    • sn_grc_case_mgmt.grc_case_admin
    • sn_ai_case_mgmt.ai_case_manager