ServiceNow IRM Issue: How Do You Assign Multiple Users and to a Remediation Task?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2025 11:20 AM
Hi everyone,
I work in Internal Audit, and we use the Remediation Task form in the Audit Module of ServiceNow IRM to monitor and track audit action items after completing an audit. The responsible person (action owner) is assigned via the "Assigned To" field in the remediation task.
Each quarter, we report to the Audit and Risk Committee on the status and progress of these audit actions. However, we’re facing two challenges with our process:
- A middle-man (e.g., a coordinator or QA reviewer) is needed to review and validate responses before approval.
- The "Additional Comments" field—where action owners provide status updates—is non-editable, which limits flexibility in tracking changes.
Questions
How can I assign a "middle-man" to have the same visibility and access as the Action Owner?
- Ideally, both should be able to view and edit the same remediation task fields.
- Is there a specific field (e.g., a secondary assignee or role-based access setting) that allows multiple users to collaborate on a single remediation task?
Is there a way to make the "Additional Comments" field editable?
- If not, what alternative field would be best for tracking updates that can be edited over time?
I’d appreciate any guidance on how to configure these settings or any best practices for handling similar workflows in ServiceNow IRM.
Thanks in advance!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2025 11:59 AM
Hi @Ben Eng
1- This sounds like you need to create ACLs for granting the needed accesses to middle-man role.
If you have a dedicated role for middle-man, Go through the Access Controls (ACL), for the Remediation Task table and then you can create the ACLs to grant write accesses based on the role and conditions you defined. Same thing can be done to grant write access for the Additional Comments
2- Could you check it you have watch_list field on the remediation task? You can override the label to make it "Collaborators" and create ACLs based on users on this field as needed.
You can use "Debug Security Rules" to view what ACLs are blocking read/write accesses.
If you found this helpful, please hit the thumbs-up button and mark as correct. That helps others find their solutions.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2025 12:59 PM
Is it possible to avoid changing the ACLs as a solution? Only because our IT Department would probably regard this as a customisation and be very reluctant to do - their explanation is it impacts on licensing and when upgrading.
I'm wondering about using another field called the 'Additional Assignee' field' for the 'middle-man' user. What is the purpose of this field and could it not be used for the 'middle-man' user to have the same access as the person in the Assigned To field? I also note there is another field called 'Assignment Group' and wondering the same as they are both out-of-the-box fields.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2025 01:16 PM
@Ben Eng
I totally agree, what I suggested is to create new ACLs, do not adjust the OOTB ones. Like that the will still receive updates if any.
You can use the field "Additional Assignee" but it looks like this would only take one user. It is a reference field, isn'it?
If you would like multiple users to be assigned, you can use List collector field which reference sys_user table. By this, you can add multiple users.
I am not sure about the licenses and the models you have. But if you are splitting requesters and fulfillers, additional comments can be maintained through the portal. (If the remediation task is accessible from the portal). Better to check what you have with ServiceNow with regards to licenses.
If you found this helpful, please hit the thumbs-up button and mark as correct. That helps others find their solutions.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2025 01:08 PM
Thank you Medi C. The Additional Assignee field is an OOTB field and it does take in multiple users from what I have tested of that field.
The List Collector field doesn't seem to appear on our remediation task form. This sounds promising. Is this something that can be brought back by our IT team? And you do think it could be configured so that users in this field would have the same access to the remediation task form as those people in the Assigned To field?
I believed the Portal was dismissed early on. The vendors we were dealing with thought it would be best to use the backend for our purpose. I note though that the Portal looks a lot more user friendly and could have much better integration of the comments feature for our needs. We are looking to use the form as a way of collecting, refining status updates on the remediation tasks which seems very difficult to do with our current design.