Components installed with ITSM Roles - Change Management
Summarize
Summary of Components installed with ITSM Roles - Change Management
Installing the ITSM Roles — Change Management plugin (com.snc.itsm.roles.changemanagement) in ServiceNow sets up essential user roles and security Access Control Lists (ACLs) to support Change Management and related IT Service Management (ITSM) functionalities. This plugin updates security models by integrating revised scripts and files, ensuring secure and appropriate access to Change Management and other ITSM applications.
Show less
Roles Installed
The plugin installs a variety of roles granting different levels of read and write access across Change Management, Incident Management, Problem Management, and Request Management applications. These roles are designed to control user permissions precisely and securely.
- Change Management Roles:
- snchangeread: Grants read access to all change requests and the CAB workbench, including dependencies on roles like cmdbread and appserviceuser.
- snchangewrite: Provides write access to Change Management along with snchangeread and templateeditor roles.
- Incident Management Roles:
- snincidentread: Enables users to view all incidents and major incident workbench, extending beyond what ESS users can access.
- snincidentwrite: Allows write access to Incident Management records and includes read and templateeditor roles.
- Problem Management Roles:
- snproblemread: Read access to Problem Management records.
- snproblemwrite: Write access, including read and templateeditor roles.
- Request Management Roles:
- snrequestread: Read access limited to requests where the user is also an approver. It is recommended not to assign this role without the businessstakeholder role due to upcoming updates.
- snrequestwrite: Write access for requests and requested items, including multiple supporting roles such as taskeditor and agentworkspaceuser.
- snrequestcommentwrite: Write access to comments on requested items; requires additional write permissions on the table.
- Service Desk Agent Role:
- snservicedeskagent: Designed for tier 1 service desk agents to gather information and deliver quick resolutions. Includes write access roles across incident, problem, change, and request management.
Additional Roles with ITSM Gen AI Plugin
When the ITSM Gen AI plugin (com.sn.itsm.gen.ai) is installed, additional roles become available such as knowledgeuser and nowassistpaneluser, enabling enhanced AI-driven assistance capabilities within ITSM.
Practical Implications for ServiceNow Customers
By installing this plugin, administrators can efficiently assign well-defined roles to users, ensuring appropriate access and control over Change Management and related ITSM applications. Understanding the dependencies and limitations of each role helps maintain security and operational integrity, while enabling users to perform their responsibilities effectively.
Several user roles are installed with the activation of the ITSM Roles — Change Management plugin (com.snc.itsm.roles.change_management). Security ACLs to support the security model for Change Management and related functionality are also installed.
When you install the ITSM Roles — Change Management plugin (com.snc.itsm.roles.change_management), the plugin updates the Security Access Control Lists (ACLs), integrating revised scripts, and other files to overhaul the security model for these applications.
Roles installed
| Role title [name] | Description | Contains roles |
|---|---|---|
| Change read [sn_change_read] |
Read access to the Change Management application and related records. Note: A user with the sn_change_read role can view all change requests as well as the CAB workbench. |
|
| Change write [sn_change_write] |
Write access to the Change Management application and related records. |
|
| Incident read [sn_incident_read] |
Read access to the Incident Management application and related records. Note: An ESS user (user with no role) can view only those incidents that they create or someone else creates on their behalf. A user with the
sn_incident_read role can view all incidents as well as the major incident workbench. |
|
| Incident write [sn_incident_write] |
Write access to the Incident Management application and related records. |
|
| Problem read [sn_problem_read] |
Read access to the Problem Management application and related records. | NA |
| Problem write [sn_problem_write] |
Write access to the Problem Management application and related records. |
|
| sn_request_read | Read access to the Request (sc_request) or Requested Item (sc_req_item) only for a user who is also an approver of the request or requested item. Note: As there are future updates expected for the sn_request_read
role, do not assign it to users without the business_stakeholder role. |
NA |
| sn_request_write | Write access to the Request (sc_request) or Requested Item (sc_req_item). |
|
| sn_request_comment_write | Write access to the comments for the Requested Item (sc_req_item). Note: The sn_request_comment_write role alone does not give access to comments write, you will need write access for the table. |
NA |
| [sn_service_desk_agent] | Enables gathering, and verifying information, as well as delivering quick resolutions for tier 1 service desk agents. This user role is available when the ITSM Roles plugin (com.snc.itsm.roles) is installed. |
With the installation of the ITSM Gen AI (com.sn.itsm.gen.ai) plugin, the following roles are also available:
|