Roles for security incident response tasks

Dedea
Giga Contributor

‎05-01-2025 02:14 AM

Hello,
which roles must be assigned to an agent to handle responses tasks without having access to the security incident responses father?
Thanks for your help

0 Helpfuls
  • 546 Views
1 REPLY 1

andy_ojha
ServiceNow Employee
ServiceNow Employee

‎05-01-2025 06:44 PM

Hey there.

 

The <sn_si.external> role is used to grant access to external Teams outside of the primary security incident responders or security analysts.

This role could be used to grant permissions to Teams like the Help Desk, Firewall Team, etc - so that they only see the child Response Tasks (aka SITs) that are assigned to a Team they are members of.

 

One call out to consider, is that you could also create related Incidents (ITSM) (aka INCs) from Security Incidents as well, to route work to other Teams.  In that approach, no additional user permissions or roles would be needed, and in some cases INCs may align with how external Teams are familiar with working.    

 

andy_ojha_0-1746150176196.png

 

0 Helpfuls