GRC access

dev_K · ‎06-03-2024

Hi,

Is it possible to grant a user a role that will allow him to access entire GRC module? or is it more module based??

thanks!

Dr Atul G- LNG · ‎06-03-2024

Here is list of role

https://docs.servicenow.com/bundle/washingtondc-governance-risk-compliance/page/product/grc-common/r...

Common roles
Role title [name]	Description	Contains roles
GRC Business User [sn_grc.business_user]	This role is a part of the GRC Profiles application. It should be assigned to users who require access only to GRC applications in the context of performing tasks assigned to them. For example, a business user who must respond to an attestation or risk assessment, or who must remediate an issue may require this role. Users with this role are provided with limited access to data and to information relevant to their assigned tasks. Starting with the 14.x release, the following permissions are available to the users with the sn_grc.business_user role: Policy and Compliance Management Create new issues and view all issues assigned to them or their group. Accept work and approve evidence responses. Assign remediation task. Acknowledge policies. Contribute to policies. Group and ungroup attestations. Request and approve policy exceptions. Report issues. Respond to observations. Submit and request issue triages. Take attestation. Risk Management Create new issues and view all issues assigned to them or their group. Assign indicator tasks. Assign issues. Assign remediation tasks. Assign risk event tasks. Assign risk response tasks. Approve and assess Advanced risk assessment. Respond to indicator tasks. Respond to risk identification questionnaire. Respond to metrics data task. Report issues. Submit issue triage requests. Take risk assessment. View risk assessment scope. View risk statements. View risk assessment scope. View and report risk events. View indicator supporting data. Integration with Project Portfolio Management Create risk from library. Elevate enterprise risk. Initiate object assessment. View the Project Risk Overview Dashboard. During a GRC: Profiles upgrade to either version 11.X or 12.x, users who have previously performed a GRC operation in the past 90 days are automatically assigned the GRC Business User role. This is a one-time event. The group and role are assigned once during the 11.x or 12.x upgrade. For more information on the GRC Business User role, see KB0864247. Note: You must log in to Now Support to view the Knowledge Base articles. Note: Manage who can access your GRC records with the GRC user roles. Earlier, your users with the snc_internal role could also access the GRC records. As part of the security updates, each GRC application has modified access control lists (ACLs) where access to the GRC records is restricted only to the users with the GRC roles.	sn_grc.user_hierarchy_reader workspace_user sn_grc_workspace.task_reader canvas_user
GRC Business User – Lite [sn_grc.business_user_lite]	Users with this role can perform only a subset of the tasks that can be performed by the sn_grc.business_user. This role is applicable only for customers who have purchased the ‘Risk Lite Operator’ license and installed the GRC: Business User – Lite application from the ServiceNow Store. Risk Lite Operators are users who have the right to perform only one or more of the listed operations. The users with this role can perform the following activities: Read and update policy acknowledgment, control attestation, issues assigned to them, remediation task, and evidence request. Report and read issues submitted, risk events, and policy exceptions. Risk Management Create new issues and view all issues assigned to them or their group. Approve advanced risk assessments. Note: To enable lite operators to approve advanced risk assessments, the administrator must manually add the sn_risk_advanced.ara_approver role to GRC: Business User Lite. Respond to risk response tasks. Approve risk response tasks. Review, approve, or reject a risk event. Respond to a risk identification questionnaire. Update any assigned risk event task. Review and respond to the metrics data tasks.	sn_grc_workspace.task_reader canvas_user sn_grc.user_hierarchy_reader
GRC Admin [sn_grc.admin]	Provides administrative access to the GRC suite of applications and modules.	business_process_admin sn_grc.user_hierarchy_admin sn_grc_workspace.task_admin sn_grc.manager sn_data_registry.admin
GRC System Admin sn_grc.sn_grc_system_admin	This role is a system role for running scheduled jobs. This role is equivalent to the System Administrator role. For example, if you want to run a scheduled job for policy acknowledgment, you can set up the system to run the job as GRC Admin. The GRC System Administrator is a default user that contains sn_grc.sn_grc_system_admin role. Note: This role isn’t assigned to a person. It’s a technical backend role that is used for running the scheduled jobs.	admin import_admin sn_grc.admin
GRC Reader [sn_grc.reader]	Provides read access to the GRC suite of applications and modules.	pa_viewer cmdb_read sn_data_registry.reader
GRC Manager [sn_grc.manager]	Provides management access to the GRC suite of applications and modules.	sn_grc.user business_process_manager cmdb_query_builder_read
GRC User [sn_grc.user]	Provides management access to the GRC suite of applications and modules.	sn_grc.reader business_process_user sn_grc_pa.sn_grc_pa_viewer
GRC Developer [sn_grc.developer]	Provides the ability to perform script-based work such as, write scripted factors, scripted formulae for advanced risk assessment, scripted indicators, and so on in GRC	sn_grc.admin
GRC Confidential User [sn_grc.confidential_user]	Provides access to the GRC confidential records.	None
GRC User Hierarchy Reader [sn_grc.user_hierarchy_reader]	Provides read access to the records in the sn_grc_user_hierarchy table.	None
GRC User Hierarchy Admin [sn_grc.user_hierarchy_admin]	Users with this role can create and delete the records in the sn_grc_user_hierarchy_configuration table.	None
Workspace task reader [sn_grc_workspace.task_reader]	Users with this role can read the records in the configuration tables such as tab configuration, applicable tables, and so on.	None

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

View solution in original post

Dr Atul G- LNG · ‎06-03-2024

Hi @dev_K

Here is list of role

https://docs.servicenow.com/bundle/washingtondc-governance-risk-compliance/page/product/grc-common/r...

Common roles
Role title [name]	Description	Contains roles
GRC Business User [sn_grc.business_user]	This role is a part of the GRC Profiles application. It should be assigned to users who require access only to GRC applications in the context of performing tasks assigned to them. For example, a business user who must respond to an attestation or risk assessment, or who must remediate an issue may require this role. Users with this role are provided with limited access to data and to information relevant to their assigned tasks. Starting with the 14.x release, the following permissions are available to the users with the sn_grc.business_user role: Policy and Compliance Management Create new issues and view all issues assigned to them or their group. Accept work and approve evidence responses. Assign remediation task. Acknowledge policies. Contribute to policies. Group and ungroup attestations. Request and approve policy exceptions. Report issues. Respond to observations. Submit and request issue triages. Take attestation. Risk Management Create new issues and view all issues assigned to them or their group. Assign indicator tasks. Assign issues. Assign remediation tasks. Assign risk event tasks. Assign risk response tasks. Approve and assess Advanced risk assessment. Respond to indicator tasks. Respond to risk identification questionnaire. Respond to metrics data task. Report issues. Submit issue triage requests. Take risk assessment. View risk assessment scope. View risk statements. View risk assessment scope. View and report risk events. View indicator supporting data. Integration with Project Portfolio Management Create risk from library. Elevate enterprise risk. Initiate object assessment. View the Project Risk Overview Dashboard. During a GRC: Profiles upgrade to either version 11.X or 12.x, users who have previously performed a GRC operation in the past 90 days are automatically assigned the GRC Business User role. This is a one-time event. The group and role are assigned once during the 11.x or 12.x upgrade. For more information on the GRC Business User role, see KB0864247. Note: You must log in to Now Support to view the Knowledge Base articles. Note: Manage who can access your GRC records with the GRC user roles. Earlier, your users with the snc_internal role could also access the GRC records. As part of the security updates, each GRC application has modified access control lists (ACLs) where access to the GRC records is restricted only to the users with the GRC roles.	sn_grc.user_hierarchy_reader workspace_user sn_grc_workspace.task_reader canvas_user
GRC Business User – Lite [sn_grc.business_user_lite]	Users with this role can perform only a subset of the tasks that can be performed by the sn_grc.business_user. This role is applicable only for customers who have purchased the ‘Risk Lite Operator’ license and installed the GRC: Business User – Lite application from the ServiceNow Store. Risk Lite Operators are users who have the right to perform only one or more of the listed operations. The users with this role can perform the following activities: Read and update policy acknowledgment, control attestation, issues assigned to them, remediation task, and evidence request. Report and read issues submitted, risk events, and policy exceptions. Risk Management Create new issues and view all issues assigned to them or their group. Approve advanced risk assessments. Note: To enable lite operators to approve advanced risk assessments, the administrator must manually add the sn_risk_advanced.ara_approver role to GRC: Business User Lite. Respond to risk response tasks. Approve risk response tasks. Review, approve, or reject a risk event. Respond to a risk identification questionnaire. Update any assigned risk event task. Review and respond to the metrics data tasks.	sn_grc_workspace.task_reader canvas_user sn_grc.user_hierarchy_reader
GRC Admin [sn_grc.admin]	Provides administrative access to the GRC suite of applications and modules.	business_process_admin sn_grc.user_hierarchy_admin sn_grc_workspace.task_admin sn_grc.manager sn_data_registry.admin
GRC System Admin sn_grc.sn_grc_system_admin	This role is a system role for running scheduled jobs. This role is equivalent to the System Administrator role. For example, if you want to run a scheduled job for policy acknowledgment, you can set up the system to run the job as GRC Admin. The GRC System Administrator is a default user that contains sn_grc.sn_grc_system_admin role. Note: This role isn’t assigned to a person. It’s a technical backend role that is used for running the scheduled jobs.	admin import_admin sn_grc.admin
GRC Reader [sn_grc.reader]	Provides read access to the GRC suite of applications and modules.	pa_viewer cmdb_read sn_data_registry.reader
GRC Manager [sn_grc.manager]	Provides management access to the GRC suite of applications and modules.	sn_grc.user business_process_manager cmdb_query_builder_read
GRC User [sn_grc.user]	Provides management access to the GRC suite of applications and modules.	sn_grc.reader business_process_user sn_grc_pa.sn_grc_pa_viewer
GRC Developer [sn_grc.developer]	Provides the ability to perform script-based work such as, write scripted factors, scripted formulae for advanced risk assessment, scripted indicators, and so on in GRC	sn_grc.admin
GRC Confidential User [sn_grc.confidential_user]	Provides access to the GRC confidential records.	None
GRC User Hierarchy Reader [sn_grc.user_hierarchy_reader]	Provides read access to the records in the sn_grc_user_hierarchy table.	None
GRC User Hierarchy Admin [sn_grc.user_hierarchy_admin]	Users with this role can create and delete the records in the sn_grc_user_hierarchy_configuration table.	None
Workspace task reader [sn_grc_workspace.task_reader]	Users with this role can read the records in the configuration tables such as tab configuration, applicable tables, and so on.	None

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

Amitoj Wadhera · ‎06-03-2024

Hi @dev_K ,

You can give the user sn_grc.Admin role.

If you find my response helpful, please consider marking it as the 'Accepted Solution' and giving it a 'Helpful' rating. Your feedback not only supports the community but also encourages me to continue providing valuable assistance.

Thanks,

Amitoj Wadhera

Sid_Takali · ‎06-03-2024

Hi @dev_K https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0864247