GRC Policy and Compliance user roles

Dan Bertuleit · ‎08-03-2020

Is there a any reference material available that fully describes the Roles available in the Policy and Compliance Module? How those roles relate to the forms and workflows? And do user roles have built in filters give the users full read only capability to only their (and their child entities') control objectives, controls, indicators?

Given the capability to define Entities that align to individual (e.g., Control Owner) roles, I am trying to give entity owning users (department managers) and child entity lower level control performers (Control Owners) the permissions needed to view but not update, change, or enter new all Policies, and their individual Control Objectives, Controls, Attestations, and Indicators. Hopefully these permissions would overlay on the same forms the GRC administrator / compliance_user / grc_user has, except properly filtered and read only. Is this available / build in to SNOW GRC P&C?

Thanks,

Dan

sachin_namjoshi · ‎08-03-2020

Use below resources for this information

https://docs.servicenow.com/bundle/newyork-governance-risk-compliance/page/product/grc-policy-and-co...

Regards,

Sachin

Samuel Pau · ‎08-03-2020

It's good to see the question here.

To be honest, I'm struggling to understand clearly what each role can do and can only trial/error to document the behaviours ourselves.

If ServiceNow can provide a clear mapping of the user roles and permissions, I'm sure many customers would appreciate that.

Thanks, Samuel.

Jan Spurlin · ‎11-04-2020

Take a look at this article I just posted. It might help

https://community.servicenow.com/community?id=community_article&sys_id=d6fbcad1db582410fb115583ca9619ad