Components installed with ITSM Roles - Change Management

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Components installed with ITSM Roles - Change Management

    The ITSM Roles — Change Management plugin (com.snc.itsm.roles.changemanagement) installs several user roles and updates Security Access Control Lists (ACLs) to enhance the security model for Change Management and related functionalities. This ensures proper access management and functionality integration within the application.

    Show full answer Show less

    Key Features

    • Change Admin Role - Provides configuration and authorization access for Change Management system properties, offering granular write access specific to the application.
    • Change Read Role - Grants read access to Change Management records and the CAB workbench.
    • Change Write Role - Allows write access to Change Management records.
    • Incident and Problem Management Roles - Includes read and write access roles for Incident and Problem Management applications, facilitating better incident and problem resolution management.
    • Request Roles - These roles control access to requests and requested items, ensuring only authorized users can modify or comment on these records.
    • Service Desk Agent Role - Empowers tier 1 service desk agents to gather and verify information, leading to quick resolutions.
    • Gen AI Plugin Roles - Additional roles for knowledge users and those utilizing the now assist panel are available with the ITSM Gen AI plugin.

    Key Outcomes

    By activating the ITSM Roles — Change Management plugin, ServiceNow customers can expect a robust security model tailored for Change Management, ensuring that users have appropriate access levels based on their roles. This setup enhances operational efficiency and security while enabling better management of changes, incidents, and requests within the organization.

    Several user roles are installed with the activation of the ITSM Roles — Change Management plugin (com.snc.itsm.roles.change_management). Security ACLs to support the security model for Change Management and related functionality are also installed.

    When you install the ITSM Roles — Change Management plugin (com.snc.itsm.roles.change_management), the plugin updates the Security Access Control Lists (ACLs), integrating revised scripts, and other files to overhaul the security model for these applications.

    Note:
    The Application Files table lists the components that are installed with this application. For instructions on how to access this table, see Find components installed with an application.

    Roles installed

    Role title [name] Description Contains roles
    Change admin

    [sn_change_admin]

    		 Provides configuration and authorization access for system properties in the Change Management application. Provides a granular, application-specific write access replacing the global admin role.
    • sn_change_write
    • sn_change_cab.cab_manager
    • change_manager
    Change read

    [sn_change_read]

    		 Read access to the Change Management application and related records.
    Note:
    A user with the sn_change_read role can view all change requests as well as the CAB workbench.
    • sn_cmdb_user
    • dependency_views
    • view_changer
    • cmdb_read
    • app_service_user
    • cmdb_query_builder_read
    Change write

    [sn_change_write]

    		 Write access to the Change Management application and related records.
    • sn_change_read
    • template_editor
    • cmdb_query_builder
    Incident read

    [sn_incident_read]

    		 Read access to the Incident Management application and related records.
    Note:
    An ESS user (user with no role) can view only those incidents that they create or someone else creates on their behalf. A user with the sn_incident_read role can view all incidents as well as the major incident workbench.
    • dependency_views
    • agent_workspace_user
    • view_changer
    • cmdb_read
    • cmdb_query_builder_read
    Incident write

    [sn_incident_write]

    		 Write access to the Incident Management application and related records.
    • sn_incident_read
    • template_editor
    Problem read

    [sn_problem_read]

    		 Read access to the Problem Management application and related records. NA
    Problem write

    [sn_problem_write]

    		 Write access to the Problem Management application and related records.
    • sn_problem_read
    • template_editor
    sn_request_read Read access to the Request (sc_request) or Requested Item (sc_req_item) only for a user who is also an approver of the request or requested item.
    Note:
    As there are future updates expected for the sn_request_read role, do not assign it to users without the business_stakeholder role.
    		 NA
    sn_request_write Write access to the Request (sc_request) or Requested Item (sc_req_item).
    • task_editor
    • dependency_views
    • agent_workspace_user
    • view_changer
    • cmdb_read
    • cmdb_query_builder_read
    • sn_request_read
    sn_request_comment_write Write access to the comments for the Requested Item (sc_req_item).
    Note:
    The sn_request_comment_write role alone does not give access to comments write, you will need write access for the table.
    		 NA
    [sn_service_desk_agent] Enables gathering, and verifying information, as well as delivering quick resolutions for tier 1 service desk agents. This user role is available when the ITSM Roles plugin (com.snc.itsm.roles) is installed.
    • sn_incident_write
    • sn_problem_write
    • sn_change_write
    • sn_request_write
    • tracked_file_reader
    With the installation of the ITSM Gen AI (com.sn.itsm.gen.ai) plugin, the following roles are also available:
    • knowledge_user
    • now_assist_panel_user