Roles required to GRC/IRM

Petter-B · ‎11-18-2023

I my scenario I've created Policies of type procedures. This is perfectly creating a knowledge article when approved.

From the documentation I read that in order to revise the Policy/Procedure, the role must be Compliance User

[sn_compliance.user].

In my scenario I would prefer that i.e. the owner of a service desk would have the privilege to at least update the Policy without requiring full GRC License. Or is that the case that we have to give anyone who should accomplish this task this license?

Anyone who has experience with my scenario?

The other solution is of course to create all policies/procedures in a knowledgebase involving less cost. But then we don't utilize the intensions of the module.

Harish Bainsla · ‎11-19-2023

In ServiceNow GRC (Governance, Risk, and Compliance), the roles and permissions are designed to ensure proper access control and segregation of duties. While it's true that the Compliance User [sn_compliance.user] role is typically associated with the ability to revise policies and procedures, there are ways to provide access to specific users without granting them a full GRC license.

Here are a few considerations and possible approaches:
> Access Control Rules (ACLs):
> Custom Roles and Permissions
> Scripting and Business Rules

Petter-B · ‎11-20-2023

OK. What I see is that a Policy Owner seems to have a [sn_compliance.user] license. My question is related to the practical execution and the license issue.

Community Alums · ‎11-20-2023

Hi @Petter-B ,

If you are providing the role to your owner of a service desk, it will consume license.

Community Alums · ‎11-26-2023

Hi @Petter-B ,