sn_vul.remediation_owner role attribution

Greg33 · 2 hours ago

Hi Community,

I'm finally posting this question as it's something that has been puzzling me for a while.

As per the docs here

Assign sn_vul.remediation_owner - Remediation Owner to users and groups.

Users and groups with this role remediate vulnerabilities assigned to them or to a group they belong to. Groups or users with this role view and update the records assigned to them or to a group they belong to.

In my scenario, this role attribution needs to be faily dynamic, as there are potentially hundreds of groups and user that could be involved in the remediation of a vulnerable item. The assignment logic is based on various factors within the CI entries, and these values could change / new CIs added etc...

I also read this note for a different documentation page:

Note:

The sn_vul.remediation_owner role is also automatically assigned when the itil role is assigned to a user.

If verified, this would quickly address my concern, however I can't find any more details about this automatic role assignment, and how it is actually applied.

When I add the itil role to a user, I don't see the sn_vul.remediation_owner role being automatically attributed, nor do I see any relationship between the two roles on the sys_user_role_contains table.

If somebody could clarify this for me it would be greatly appreciated!

Thanks in advance!

Greg

Martin Dewit · 58m ago

Have you added the sn_vul.remediation_owner role to the itil role? That way anyone with itil role automatically inherits sn_vul.remediation_owner.

Greg33 · 14m ago

No I haven't (yet) but my question is actually pointing towards the note mentioned in the document I shared: 'The sn_vul.remediation_owner role is also automatically assigned when the itil role is assigned to a user.'

I'm trying to clarifiy this statement before making any modifications myself, as this (statement, and your suggestion) seems to be OOTB behaviour, but I don't see anything in the system that would verify this