@Tony Branton I would like to echo @BHackenberger's, comment. We also have data certification use cases beyond the CMDB. The previous module was perfect for addressing this because the data_cert_admin role just granted the permissions that were necessary to execute and manage the data certification without extra permissions.

By integrating the new data certification functionality into CMDB Data Manager, it forces the granting of extra permissions to folks who need to run a data certification campaign that should not have it. For example, by granting sn_cmdb_admin, it also grants access to modify the CI Class Manager. Besides CMDB Admins and Platform Admins, no one should have access to edit there. The potential impact of a mis-configuration there can be extremely dangerous.

I would strongly recommend that ServiceNow create a stand alone role just to manage data certification policies in CMDB Data Manager.