Removing assignments from container vulnerable items and remediation tasks

  • Release version: Yokohama
  • Updated May 22, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Removing assignments from container vulnerable items and remediation tasks

    ServiceNow enables you to clear theAssigned toandAssignment groupfields on container vulnerable items (CVITs) and remediation tasks (CVULs) when they are incorrectly assigned to you or your groups or fall outside your remediation scope. This unassign functionality is accessible directly from the CVIT and CVUL records in both workspace and classic views, provided the records are not in the Closed or Resolved state.

    Show full answer Show less

    When a user requests to unassign a remediation task (CVUL), all CVITs linked to that CVUL with the same assignment group are also unassigned, except for those manually assigned with different groups.

    Records that have had assignments cleared appear in the Unassigned module for Container Vulnerability Response for easy tracking.

    Key Features

    • Unassign UI action: Allows users to clear assignment fields on CVIT and CVUL records except when they are Closed or Resolved.
    • Approval workflow: By default, unassign requests trigger an approval process controlled by the snvul.unassignvr.approvalrequired system property.
    • Approval routing: Unassign requests appear in the My Approvals list for users with the snvulcontainer.unassignapprover role.
    • System property customization: Vulnerability administrators can disable the approval process by setting snvul.unassignvr.approvalrequired to false.
    • Default assignment group redirection: The snvul.defaultassignmentgroup system property lets you specify a default group to be assigned when assignments are cleared, allowing reassignment to a designated review group.
    • Notification management: When the default assignment group is changed, notifications for all unassigned VITs, AVITs, and CVITs are sent to the specified group.

    Practical Impact for Customers

    This functionality helps ServiceNow customers maintain accurate ownership of container vulnerability records and remediation tasks, ensuring that only the correct teams or individuals are assigned to address vulnerabilities. The approval workflow provides governance and control over assignment changes, while system properties allow administrators to tailor the process to fit organizational policies. Redirecting unassigned items to specific groups enables streamlined review and reassignment, improving vulnerability management efficiency.

    You can clear the Assigned to and Assignment group fields on container vulnerable items directly from the container vulnerable item and remediation task records that you determine might be incorrectly assigned to you or your groups.

    Overview for the workflow

    If you determine that container vulnerable items (CVITs) and remediation tasks (CVULs) aren't within your scope for remediation, or if you think that records have been incorrectly assigned to you or to your groups, you can remove yourself or your groups from the Assigned to and Assignment group fields on CVIT and CVUL records.

    The unassign workflow is supported in workspace and both classic and workspace views for CVITs and CVULs.

    You have the option to send requests to clear the assignment fields for approval. See Approve or reject an unassign request in Vulnerability Response and Removing assignments from vulnerable items and remediation tasks for more information.

    • The Unassign UI action is displayed on CVIT and CVUL records in any state other than the Closed or Resolved.
      Note:
      After the request to clear the fields is approved for a CVUL, all the Assigned to and Assignment group fields on CVITs that have the same assignment group are unassigned. If any CVIT on a CVUL has a different assignment group than its associated CVUL, it is not unassigned. In most cases these CVITs have been manually assigned. See Container Vulnerability Response remediation tasks and task rules overview and Removing assignments from vulnerable items and remediation tasks for more information.
    • Any records that you update with either the UI action or manually are displayed on the Unassigned module for Container Vulnerability Response.

    See Remove assignments from vulnerable items and remediation tasks for more information about the steps for how to clear the assignment fields.

    System properties and approval notifications

    If a remediation owner selects Unassign on a record, by default, the sn_vul.unassign_vr.approval_required system property triggers the approval flow and creates a state change approval record in the Review state, and the request is routed for approval. The request is displayed on the My Approvals list for users with the sn_vul_container.unassign_approver.

    Note:
    As a vulnerability administrator [sn_vul.vulnerability_admin], you can set the sn_vul.unassign_vr.approval_required system property to false to disable the approval process.

    Additionally, you can change the value in the sn_vul.default_assignment_group system property so if the assignment fields are cleared, a specific group is assigned. For example, if a user clicks Unassign on a record and you want to redirect it to a specific group for review, you can add the system ID for the group of your choice in the value field of the system property.

    Note:
    If you change this value, notifications for all the VITs, AVITs, and CVITs that are unassigned are sent to the group you specify.