The Zurich release has arrived! Interested in new features and functionalities? Click here for more

Use of Issue Manager?

Go to solution
Magnus Joensson
Kilo Contributor

‎02-24-2021 05:12 AM

I'm a bit confused of the intended use of the "Issue Manager Group" and "Issue Manager"?

The documentation says; "The group/user responsible for managing and reviewing the issue."

Our interpretation of this was at first that this could be the Risk Managers overseeing the issue and also Reviewing.
But then selecting Issue Manager Group the only group possible to select is "Risk Users"?! (We have for example also groups like "Risk Managers" but these don't show and can't be selected)
  Q1: Why is the group selection limited? Have I misunderstood the intention of the Issue Manager role?

Q2: Another possible use of the Issue Manager what would make sense to us is for specific managers in the business who actually can review and approve an issue being resolved. Is this the intended use? In this case the limitation of groups allowed would make little more sense. 

Would be very thankful for some guidance in this matter 

PS: We do not have Advanced Risk mgmt. The Paris release is 11.0.2

0 Helpfuls
  • 2,245 Views
1 ACCEPTED SOLUTION

Go to solution
Anushree Randad
ServiceNow Employee
ServiceNow Employee

‎02-26-2021 11:29 AM

Hi Magnus,

The intention of the issue manager and issue manager group is to assign issue to a manager who is accountable to make sure the issue is resolved and he/she can review the issue once it's remediated. It is supposed to show all groups including risk/compliance/audit users and risk/compliance/audit managers. But as Phil mentioned, there was a bug which we have fixed in the recent release which will be published as part of our March store release in couple of weeks. 

Phil,

We have also fixed ACLs on these new fields in our March store release so you will be able to see the fix soon as follow:

  • Issue type, issue rating, policy and authority document fields will be read only for issue owner but they would be able to edit action plan, state, activity, short description, description. They can also create remediation tasks for the issues they own
  • For issue manager with minimum grc_user role, we have opened up issue type, policy, issue rating and authority document fields in new and analyze states. In respond state, the issue rating becomes read only even for issue manager since the due date and SLA depends on issue rating. 
  • In review state, only state, action plan and activity is open for issue manager

Let me know if you have more questions or have any feedback.

 

Thanks,

Anushree, Principal Product Manager

GRC, ServiceNow

 

View solution in original post

2 REPLIES 2

Go to solution
Phil Swann
Tera Guru
Tera Guru

‎02-25-2021 01:23 PM

Q1, this is a flaw in SN core ref qualifiers against group. Due to role inheritance. A quick fix is to assign the user level to the group. In the past I have built a custom ref qualifier to solve this... you shouldn't need to ,but its required unfortunately. Might need an idea on portal to get it into the baseline... 

 

I think this post from @Jan Spurlin  sums it up nicely:

Issue Management Life cycle Clarification - Governance, Risk, and Compliance (GRC) - Question - Serv...

I think you can achieve a lot just by locking down the state field and using UI Actions to handle the state flow logically; and then you can enforce the issue manager etc... its a really nice addition tbh 

 

But I also make you aware of a current defect in Issue around the ACLs for some of the new fields, seem to have been omitted for issue manager group, issue manager, action plan and issue type?  can be updated by any user in any state,, check that... 

Go to solution
Anushree Randad
ServiceNow Employee
ServiceNow Employee

‎02-26-2021 11:29 AM

Hi Magnus,

The intention of the issue manager and issue manager group is to assign issue to a manager who is accountable to make sure the issue is resolved and he/she can review the issue once it's remediated. It is supposed to show all groups including risk/compliance/audit users and risk/compliance/audit managers. But as Phil mentioned, there was a bug which we have fixed in the recent release which will be published as part of our March store release in couple of weeks. 

Phil,

We have also fixed ACLs on these new fields in our March store release so you will be able to see the fix soon as follow:

  • Issue type, issue rating, policy and authority document fields will be read only for issue owner but they would be able to edit action plan, state, activity, short description, description. They can also create remediation tasks for the issues they own
  • For issue manager with minimum grc_user role, we have opened up issue type, policy, issue rating and authority document fields in new and analyze states. In respond state, the issue rating becomes read only even for issue manager since the due date and SLA depends on issue rating. 
  • In review state, only state, action plan and activity is open for issue manager

Let me know if you have more questions or have any feedback.

 

Thanks,

Anushree, Principal Product Manager

GRC, ServiceNow