
sn_grc_business_user_lite IRM lite role – impact of exposing additional access on licensing

tejaswiniva
Tera Contributor

Hi Team, 

Could anyone help with the following query?

The sn_grc_business_user_lite role has several restrictions, including limited access to:

  • GRC modules (Policies, Entities, Controls, Control Objectives)

  • Tables and M2M tables (e.g: Additional Entities, Entity Type to Control Objectives)

  • Catalog pages, widgets, and user criteria (e.g: All Attestations, All Exceptions)

To meet business needs, we are considering exposing additional access (similar to what a custom group provides today).

 

If we extend access for the LITE role across these areas, will users still be treated as LITE from a licensing perspective, or could this trigger Operator or higher IRM licensing?

3 REPLIES

Matthew_13
Mega Sage

Hi Buddy,

Good question — and you’re right to check before expanding access.

Giving the sn_grc_business_user_lite role more visibility (tables, widgets, portal content) usually does not change licensing. Users are still considered Lite as long as they’re mainly viewing, attesting, and participating.

Licensing risk comes if they start doing operator-type work — creating/editing controls, policies, risks, entities, or managing remediation.

So it’s less about the role itself and more about what the user actually does in the platform.
Best practice: confirm with your ServiceNow licensing rep before extending access, just to stay safe.

 

@tejaswiniva - If this helps answer your question, please mark it as Accepted Solution and give it a Thumbs Up.

MJG

Its_Sagnic
Mega Guru

Hi @tejaswiniva ,

Hope you are doing well.

Definition of Lite vs. Operator Roles

ServiceNow distinguishes these roles based on the depth of their interaction with the GRC suite:

| Feature | IRM Lite Operator (sn_grc_business_user_lite) | IRM Operator |
|---|---|---|
| Primary Audience | First-line employees (1LOD), business managers, and tech owners. | Risk/Compliance teams (2LOD) who manage the overall programs. |
| Typical Tasks | Respond to attestations, policy acknowledgments, and risk assessments; report issues. | Implement policies, perform risk assessments, and manage control testing. |
| Interface | Service Portal, ESC, or GRC Task Workspace. | Full GRC Workspaces. |
| Licensing Basis | Requires the "Risk Lite Operator" license; restricted to "Lite operations". | Based on CRUD operations or assignment of full application roles. |

 

If you modify Access Control Lists (ACLs) or grant additional permissions to Lite users, the following licensing triggers apply:
  • CRUD Operations: Users are charged as IRM Operators if they perform Create, Read, Update, or Delete (CRUD) operations on GRC tables that fall outside the defined "Lite operations".
  • Access to Workspaces: Lite operators are generally restricted to task-based activities in the Employee Service Center (ESC) or Service Portal and do not have access to GRC Workspaces. Providing access to these workspaces typically requires a full Operator license.


If the solution is helpful for you, please mark it helpful and accept the solution to close the thread.

Regards,

Sagnic

Matthew_13
Mega Sage

@tejaswiniva - I hope I helped answer your question. Thanks kindly.

MJG