Pre-requisites to enable policy redlining feature

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Pre-requisites to enable policy redlining feature

    The policy redlining feature in ServiceNow's Compliance Workspace allows policy collaborators to review and edit policy documents using integrations with cloud hosting services. This feature is only available to ServiceNow cloud-based customers starting with the Zurich release. Proper configuration and role assignment are essential to enable and use the policy redlining capabilities effectively.

    Show full answer Show less

    Key Configurations and Integrations

    • Cloud Hosting Service Connection: You must connect your ServiceNow instance to one cloud hosting service—either Microsoft (OneDrive and SharePoint) or Google Drive.
    • Microsoft Integrations:
      • Requires Microsoft OneDrive Spoke (version 2.1.1 or higher) and Document Service Framework.
      • Microsoft SharePoint uses the same OneDrive setup and requires Azure App permissions including Files.ReadWrite, Sites.ReadWrite.All, and others for full access.
    • Google Drive Integration:
      • Requires Google Drive Spoke (1.4.1), Document Service Framework for Google Drive, and Google Docs integration to manage documents.
    • Integration Hub Entitlements: While Compliance Workspace includes entitlements for Policy authoring with O365 and Google Drive, additional Integration Hub or Automation Engine entitlements are required for Microsoft or Google Drive integrations beyond this scope.

    System Properties and Role Assignments

    • Set the cloud hosting service by navigating to All > Policy and Compliance > Administration > GRC properties and selecting OneDrive, SharePoint, Google Drive, or None in the "Select a file sharing service to host documents and attachments" property.
    • Specify the default folder path in OneDrive where policy documents and attachments will be stored; sub-folders can also be organized under this path.
    • The mpdocumentuser role must be assigned to users who need to create, update, or delete policy redlining documents.
    • System administrators are responsible for setting up cloud hosting connections, enabling system properties, and assigning necessary roles including mpdocumentuser and sncompliance.user to policy redlining users.

    Certain configurations are required to be set up for policy collaborators to use the policy redlining feature in the Compliance Workspace.

    Important:

    Currently, the policy authoring and redlining feature is available exclusively to ServiceNow cloud-based customers.

    Spoke support for cloud hosting services

    Spokes required for Policy authoring – integration with Microsoft Office 365
    • Microsoft OneDrive Spoke – 2.1.1
    • Microsoft OneDrive Spoke for Document Service Framework – 1.0.5
    Spokes required for Policy authoring – integration with Microsoft SharePoint
    • Microsoft OneDrive spoke 2.3.1
    • Document services framework for OneDrive – 2.0.0
    Spokes required for Policy authoring – integration with Google Drive
    • Document Service Framework for Google Drive Spoke – 1.0.1
    • Google Drive Spoke – 1.4.1
    Note:
    Integration Hub entitlements included in the Compliance Workspace are for Policy authoring – integration with O365 and integration with Google Drive. Using Microsoft integration or Google Drive integration requires Integration Hub transactions not included in the Compliance Workspace product but requires an Automation Engine or Integration Hub entitlement.

    Connecting to cloud hosting services

    If you’re a policy collaborator wanting to use the policy redlining feature in the Compliance Workspace, then you must set up the following configurations.
    Note:
    You can establish a connection with only one of the following cloud hosting services: either Microsoft or Google Drive.

    Microsoft implies both Microsoft OneDrive and Microsoft SharePoint.

    Establish a connection with cloud hosting services
    Connection with Microsoft OneDrive
    You must first set up the Microsoft OneDrive to perform actions in Microsoft OneDrive from ServiceNow. For more information, see Setup Microsoft OneDrive for Document Services.
    Note:
    To set up connection you require Microsoft Azure App permissions such as email, openid, profile, Files.ReadWrite, offline_access, User.Read, User.ReadBasic.All, Sites.ReadWrite.All.
    Connection with Microsoft SharePoint
    You must first set up the Microsoft SharePoint to perform actions in Microsoft SharePoint site from ServiceNow. For more information, see Setup Microsoft OneDrive for Document Services.

    The Microsoft OneDrive setup configured in ServiceNow is the same as that is done for Microsoft SharePoint as well. However, the Microsoft Azure App permissions are required for Microsoft SharePoint.

    Note:
    To set up connection you require Microsoft Azure App permissions such as email, openid, profile, Files.ReadWrite, offline_access, User.Read, User.ReadBasic.All, Sites.ReadWrite.All.
    Connection with Google Drive
    To set up Google Drive as a cloud hosting service and to create or update the policy text document that resides in Google Drive, you must:
    1. Set up Google Drive spoke account.
    2. Integrate the Document Services with Google Drive. For more information, see Document Services Framework for Google Drive.
    3. To manage documents in Google Docs from your ServiceNow instance, you must integrate the ServiceNow instance with Google docs. For more information, see Set up the Google Docs.

    Setting up system properties to connect with cloud hosting services

    Enable system properties to use policy redlining in Compliance Workspace
    1. Navigate to All > Policy and Compliance > Administration > GRC properties.
      1. To opt Microsoft OneDrive as your cloud hosting service, select One drive in the Select a file sharing service to host documents and attachments system property list.

        If you select None in the Select a file sharing service to host documents and attachments system property list, then you can import the policy text. For more information, see Import policy text for redlining.

      2. To opt Google Drive as your cloud hosting service, select Google drive in the Select a file sharing service to host documents and attachments system property list.
      3. To opt Microsoft SharePoint, select SharePoint in the Select a file sharing service to host documents and attachments system property list.
    2. Set the folder path that is to be created in Microsoft OneDrive in the Default folder path where documents and attachments will be located. You can organize files in sub-folders within this path system property list.
    Provide mp_document_user role
    The mp_document_user role is required to access policy redlining document-related tables. This role is required for users using the policy redlining feature to create, update, and delete the related documents.

    As a sys admin you can establish the cloud hosting connection, enable system properties, and provide the mp_document_user role and compliance user (sn_compliance.user) role for the policy redlining users.