Hi @mounika7675 

In terms of access right sn_grc.user > sn_grc.business_user 

sn_grc.user existed long before ServiceNow introduced sn_grc.business_user. At the time, we would grant sn_grc.user as a minimum role to users who needed to read GRC tasks.

In my opinion, this is no longer true. sn_grc.business_user should be allocated to users that need access to GRC to carry out their basic duties, such as  responding to an attestation or risk assessment - keep in mind that the role has limited access to information linked to the activities that have been assigned to them.

Please mark my answer as Correct / Helpful based on the Impact

Community Rising Star 2023