AI Control Tower roles

Zurich Enable AI

Release

zurich

ft:locale

en-US

ft:publication_title

Zurich Enable AI

ft:clusterId

platai

bundleId

platai

workflow

Platform

AI Control Tower roles

Release version: Zurich

Updated March 12, 2026

4 minutes to read

Certain roles are installed along with the installation of the AI Control Tower.This section also covers roles which are installed with AI Risk and Compliance.

Table 1. Roles and their descriptions
Role title [name]	Description	Contains roles
AI steward [sn_ai_governance_ai_steward]	Note: The organization decides on assigning the AI steward role. By adding the users to the AI stewards group, allows user to have additional permissions related to playbook. The AI steward is responsible for: Configuring AI Control Tower Adoption of AI governance practices Adoption of managing AI Control Tower and linking the AI asset Inventory Execution of AI Control Tower initiatives Understand the AI assets and AI Control Tower policies Creating AI assets Completing the AI asset lifecycle Collaboration of cross-functional teams within the organization to confirm that the organization policies are adhered Creating AI Control Tower Approval Playbook for Now Assist approvals. Configure third-party LLMs and SLMs Configure Multi-instance management Add and edit a value template Learning to use the access map Approve or reject an approval request For AI discovery: Activate or deactivate hyperscaler connections Select the hyperscaler connections to discover agents and usage on-demand For AI Gateway: Add an MCP server via AI Agent Studio Set up MCP client connections	sn_nowassist_admin.user sn_ai_governance.workspace_admin sn_aia.admin aig_admin sn_mcp_client.admin sn_align_core.apw_user- Can create, update, and delete portfolio plans, free-form road maps, and planning items it_demand_manager- User who manages the inflow, screening and facilitates the prioritization of IT demands it_project_manager- User of the project management application, and manager of IT projects sn_apw_advanced.pf_user- Can create, view, update, and delete the Product Feedback records
AI Control Tower Workspace user [sn_ai_governance_workspace_user]	The AI Control Tower Workspace user is responsible for: Own and manage the AI assets Access the AI Control Tower home page Exclusive access to the AI portfolio tab	None
AI asset owner [sn_ai_asset_mgmt.ai_asset_owner]	The AI asset owner is responsible for: Confirm that AI assets are represented accurately and kept up to date Manage AI assets like AI systems, AI models, datasets, and prompts through their asset lifecycle from intake to retirement Access My overview, Value, and Adoption tabs Creating an AI asset from the AI Control Tower home page using Create AI Asset icon Marking the deploy phase of the AI asset lifecycle task complete. If the AI asset gets deployed, then the state of the task doesn’t change anything automatically in the asset table or the asset governance details record	None

AI AI Risk and Compliance roles

The AI Risk and Compliance application installs the essential role to perform respective day-to-day operational tasks for managing AI systems across the enterprise.

Table 2. Roles and their descriptions
Role title [name]	Description	Contains roles
AI Risk and Compliance Admin [sn_grc_ai_gov.ai_risk_and_compliance_admin]	The AI Risk and Compliance Admin can perform the following tasks: Set up risk and impact assessment frameworks. Configure risk assessment methodologies, risk contribution factors, and impact assessment templates Define automation rules for impact assessments to determine applicable risks and controls based on the assessment responses Set up and profile AI case types Delete AI systems. Enable or disable Entity-Based Access for record types associated with entity properties, and configure the Entity-Based Access settings as needed. Note: GRC: Entity Based Access application must be installed to use this feature	sn_smart_asmt.template_manager sn_grc_ai_gov.ai_risk_and_compliance_manager sn_smart_asmt.assessment_admin sn_grc_workspace.state_model_admin sn_smart_asmt.template_contributor sn_ai_case_mgmt.ai_case_admin sn_reg_body_mgmt.writer sn_risk_advanced.ara_admin sn_rec_pg_vertical.admin sn_grc_ent_access.admin Note: GRC: Entity Based Access application must be installed for this role to be available.
AI Risk and Compliance Manager [sn_grc_ai_gov.ai_risk_and_compliance_manager]	The AI Risk and Compliance Manager can access all AI systems on the system and perform the following tasks: Initiate impact assessments Manage the life cycle of an AI system Initiate risk assessments Initiate control attestations Write and update access to the bulk access update configuration. Note: GRC: Entity Based Access application must be installed to use this feature.	sn_grc_ai_gov.ai_risk_and_compliance_analyst sn_smart_asmt.template_contributor sn_smart_asmt.template_manager sn_risk_advanced.risk_asmt_project_manager sn_ai_case_mgmt.ai_case_manager sn_grc_ent_access.bulk_access_config_admin Note: GRC: Entity Based Access application must be installed for this role to be available.
AI Risk and Compliance Analyst [sn_grc_ai_gov.ai_risk_and_compliance_analyst]	The AI Risk and Compliance Analyst can access all AI systems assigned to them in the system and perform the following tasks only on the assigned records: Initiate impact assessments Manage the life cycle of an AI system Initiate risk assessments Initiate control attestations	sn_ai_case_mgmt.ai_case_analyst sn_smart_asmt.assessment_reader sn_smart_asmt.template_reader sn_grc_ai_gov.ai_risk_and_compliance_business_user sn_grc_ai_gov.ai_risk_and_compliance_reader sn_grc_workspace.user sn_grc_workspace.state_model_reader sn_risk_advanced.ara_creator sn_risk_advanced.ara_assessor sn_risk_advanced.ara_approver sn_risk_advanced.risk_asmt_project_user
AI Risk and Compliance Business User [sn_grc_ai_gov.ai_risk_and_compliance_business_user]	The AI Risk and Compliance User can perform the following tasks: Create AI case on the Employee Center Work on the assigned tasks Perform control attestations	sn_grc_workspace.assessment_template_configuration_reader sn_smart_asmt.actor sn_grc_workspace.user sn_smart_asmt.assessment_reader sn_risk_advanced.risk_asmt_project_reader Note: For more information on AI Control Tower roles, see AI Control Tower roles.
AI Risk and Compliance Reader [sn_grc_ai_gov.ai_risk_and_compliance_reader]	The AI Risk and Compliance Reader can have read access to the AI systems and AI impact assessments.	sn_grc_workspace.user sn_grc_workspace.state_model_reader
AI System Reader [sn_grc_ai_gov.ai_risk_and_compliance_ai_system_reader]	The AI System Reader can have read access to the AI systems on AI Control Tower workspace and AI Risk and Compliance workspace.	NA
AI Case Business User [sn_ai_case_mgmt.ai_case_business_user]	The AI Case Business User can create AI case and AI inquiry on the Employee Center.	sn_grc_case_mgmt.grc_case_business_user
AI Case Analyst [sn_ai_case_mgmt.ai_case_analyst]	The AI Case Analyst can review the AI cases and AI inquiries assigned to them in the system and perform the following tasks only on the assigned records: Identify and manage impacted and related areas such as policies, regulations, and enterprise-wide compliance risks Identify and manage issues related to impacted areas to eliminate the root causes	sn_grc_case_mgmt.grc_case_analyst sn_ai_case_mgmt.ai_case_business_user
AI Case Manager [sn_ai_case_mgmt.ai_case_manager]	The AI Case Manager can review all the AI cases, AI inquiries, and its associated information.	sn_ai_case_mgmt.ai_case_analyst sn_grc_case_mgmt.grc_case_manager
AI Case Admin [sn_ai_case_mgmt.ai_case_admin]	The AI Case Admin can manage type profiles to segregate AI cases. They can set up assignment rules and delete AI cases.	sn_grc_case_mgmt.grc_case_admin sn_ai_case_mgmt.ai_case_manager