Expansion of ITIL Roles with New Role Inclusions
Earlier, in ITIL-based systems, a single role like itil used to handle multiple responsibilities such as Incident, Problem, and Change management. However, with the introduction of more granular roles, these responsibilities are now divided into specific roles. This new role inclusion helps in better access control, improved security, and clearer responsibility distribution. Instead of giving broad access, organizations can now assign only the required permissions to users based on their job role.
Now, earlier in till Zurich Release there were 24 Main Roles and their individual Contains role were part of the ITIL Contains Role.
Now 4 new roles are added to the contains roles as follow :
ServiceNow Roles / Modules Overview:
This article provides a simple explanation of a few ServiceNow roles and what they are typically used for in day-to-day work. The goal is to give a clear understanding without going too deep into technical details.
- sn_cmdb_editor
The CMDB Editor role is mainly used by users who work with configuration data in ServiceNow. It provides access to the CMDB Workspace, where Configuration Items (CIs) can be viewed and updated.
With this role, users are able to edit CI records, update relationships between different configuration items, and work on CMDB Data Manager tasks. This helps in keeping the CMDB accurate and up to date.
It is important to note that this role focuses only on data maintenance. It does not allow changes to CMDB structure, class definitions, or governance policies. Those actions are usually restricted to admin-level roles.
In simple terms, this role is meant for maintaining CMDB data, not designing or controlling it.
- sn_comm_management.comm_plan_viewer
This role is related to communication management in ServiceNow and is usually part of a scoped application. It is mainly used for viewing communication plans that are configured within the system.
Users with this role can see how communication plans are structured, when notifications are triggered, and how they are linked to different service processes such as incidents or requests.
This is generally a read-only role, which means users can view the information but cannot make any changes. It is useful for stakeholders who need visibility into communication flows without being responsible for managing them.
- sn_sla_definition_query
This role is connected to Service Level Agreement (SLA) management. It allows users to access SLA definitions and review how service performance is being tracked.
With this role, users can view SLA and OLA records, check conditions like response and resolution times, and run queries for reporting or analysis purposes.
In some cases, depending on access levels, users may also be able to create or modify SLA definitions.
This role is typically useful for service managers, analysts, or process owners who are responsible for monitoring and improving service performance.
- sn_uib_collab_user
This role is associated with UI Builder in ServiceNow, which is used to create and customize modern workspaces.
Users with this role can collaborate on UI development, work on pages and components, and contribute to designing workspace layouts. It supports team-based development where multiple users are involved in building or updating the user interface.
Overall, this role is helpful for developers and designers working together on workspace customization.
Expansion of itil_admin Roles with New Role Inclusions : sn_cmdb_admin
From the Australia release onwards, there is a small but important change in how roles are structured in ServiceNow.
The itil_admin role now includes sn_cmdb_admin out of the box. Earlier, this was not the case, and CMDB admin access had to be given separately. Because of this update, anyone who has the itil_admin role will now automatically have CMDB admin-level access as well.
This change increases the level of access for users with itil_admin. While it can make things easier from an admin perspective, it also means more permissions are being granted than before. From a security and governance point of view, this is something that should not be ignored.
If you are planning an upgrade to the Australia release, it is a good idea to review your existing role assignments. Take a closer look at users who have the itil_admin role and confirm whether they actually need CMDB admin access. This simple check can help avoid giving higher-level access to users who may not require it.
This sn_cmdb_admin role has its own contains role as follows:
My Personal View about these roles :
Each of these roles has a specific purpose within the platform. The CMDB Editor role focuses on maintaining configuration data, the communication plan viewer role provides visibility into communication setups, the SLA role supports service performance tracking, and the UI Builder collaboration role helps with workspace development.
These roles ensure that different teams can work efficiently in their respective areas without unnecessary overlap or access.
Thanks and Regards
Gaurav Shirsat
