Compliance Reader role not able to read Attestations

Michael Oosten1 · ‎03-16-2023

Hi,

I noticed that Compliance Reader role is not able to read Attestations at all. However, Compliance User role is able to read Attestations.

On one hand it makes sense to limit access to the Attestations, as info about non-compliant controls pose a risk. However, Compliance Users are able to read them. So it doesn't seem consistent.

They both have the survey_reader role, which I assumed would give them access to read Attestations. See: https://docs.servicenow.com/bundle/utah-governance-risk-compliance/page/product/grc-policy-and-compl...

Any thoughts?

Community Alums · ‎03-16-2023

Hi @Michael Oosten1 ,

When you are on the attestation type , eg: GRC Attestation there is a role field on the attestation type. The user with that role mentioned on the specific attestation type should be able to assess the respective attestation. By default it's sn_compliance.user as far as i remember.

Rajesh_Singh · ‎03-17-2023

@Michael Oosten1

The Compliance Reader role is designed to provide read-only access to compliance-related information, while the Compliance User role has additional capabilities, such as the ability to create, edit, and manage compliance-related records.

In the case of Attestations, it seems that the platform has been designed to give Compliance Users access to this information, while limiting the access for Compliance Readers. This distinction might have been made based on the assumption that Compliance Users, with their broader responsibilities, require more comprehensive access to compliance data, including Attestations.

If you found my response helpful or applicable, please consider marking it as correct or helpful to assist others who may be seeking the same information.

---------------
Regards,
Rajesh Singh