GRC Policy and Compliance user roles

Dan Bertuleit
Giga Contributor

Is there a any reference material available that fully describes the Roles available in the Policy and Compliance Module?  How those roles relate to the forms and workflows?  And do user roles have built in filters give the users full read only capability to only their (and their child entities') control objectives, controls, indicators?

Given the capability to define Entities that align to individual (e.g., Control Owner) roles, I am trying to give entity owning users (department managers) and child entity lower level control performers (Control Owners) the permissions needed to view but not update, change, or enter new all Policies, and their individual Control Objectives, Controls, Attestations,  and Indicators.  Hopefully these permissions would overlay on the same forms the GRC administrator / compliance_user / grc_user has, except properly filtered and read only.   Is this available / build in to SNOW GRC P&C?

Thanks,

Dan

3 REPLIES 3

sachin_namjoshi
Kilo Patron
Kilo Patron

Samuel Pau
Tera Contributor

It's good to see the question here.

To be honest, I'm struggling to understand clearly what each role can do and can only trial/error to document the behaviours ourselves.

If ServiceNow can provide a clear mapping of the user roles and permissions, I'm sure many customers would appreciate that.


Thanks, Samuel.

Jan Spurlin
ServiceNow Employee
ServiceNow Employee

Take a look at this article I just posted. It might help

https://community.servicenow.com/community?id=community_article&sys_id=d6fbcad1db582410fb115583ca9619ad