Roles installed with AI Risk and Compliance

  • Release version: Yokohama
  • Updated July 31, 2025
  • 2 minutes to read

    • The AI Risk and Compliance installs the essential roles to perform respective day-to-day operational tasks for managing AI systems across the enterprise.

    Table 1. Roles and their descriptions
    Role title [name] Description Contains roles

    AI Risk and Compliance Admin

    [sn_grc_ai_gov.ai_risk_and_compliance_admin]

    		 ​The AI Risk and Compliance Admin can perform the following tasks:
    • Set up risk and impact assessment frameworks. Configure risk assessment methodologies, risk contribution factors, and impact assessment templates.
    • Define automation rules for impact assessments to determine applicable risks and controls based on the assessment responses.
    • Set up and profile AI case types.
    • Delete AI systems.
    • Enable or disable Entity-Based Access for record types associated with entity properties, and configure the Entity-Based Access settings as needed.
      Note:
      GRC: Entity Based Access application must be installed to use this feature.
    • sn_risk.admin
    • sn_smart_asmt.template_manager
    • sn_grc_ai_gov.ai_risk_and_compliance_manager
    • sn_smart_asmt.assessment_admin
    • sn_grc_workspace.state_model_admin
    • sn_smart_asmt.template_contributor
    • sn_compliance.admin
    • sn_compliance.control_framework_admin*
    • sn_compliance.library_admin*
    • sn_compliance.policy_admin*
    • sn_grc_ent_access.admin
      Note:
      GRC: Entity Based Access application must be installed.

    AI Risk and Compliance Manager

    [sn_grc_ai_gov.ai_risk_and_compliance_manager]

    		 ​The AI Risk and Compliance Manager can access all AI systems on the system and perform the following tasks:​
    • Initiate impact assessments.
    • Manage the lifecycle of an AI system.
    • Initiate risk assessments.
    • Initiate control attestations.
    • Write and update access to the bulk access update configuration.
      Note:
      GRC: Entity Based Access application must be installed to use this feature.
    • sn_grc_ai_gov.ai_risk_and_compliance_analyst
    • sn_smart_asmt.template_contributor
    • sn_smart_asmt.template_manager
    • sn_risk.manager
    • sn_compliance.control_framework_manager*
    • sn_compliance.library_manager*
    • sn_compliance.policy_manager*
    • sn_grc_ent_access.bulk_access_config_admin
      Note:
      GRC: Entity Based Access application must be installed.

    AI Risk and Compliance Analyst

    [sn_grc_ai_gov.ai_risk_and_compliance_analyst]

    		 The AI Risk and Compliance Analyst can access all AI systems assigned to them in the system and perform the following tasks only on the assigned records:
    • Initiate impact assessments.
    • Manage the lifecycle of an AI system.
    • Initiate risk assessments.
    • Initiate control attestations.
    • sn_ai_case_mgmt.ai_case_analyst
    • sn_smart_asmt.assessment_reader
    • sn_grc_ai_gov.ai_risk_and_compliance_business_user
    • sn_smart_asmt.template_reader
    • sn_risk_advanced.ara_approver
    • sn_grc_ai_gov.ai_risk_and_compliance_​reader
    • sn_grc_workspace.user
    • sn_risk.user
    • sn_risk_advanced.ara_assessor
    • sn_compliance.library_user*
    • sn_compliance.control_framework_user*
    • sn_compliance.policy_user*

    AI Risk and Compliance User

    [sn_grc_ai_gov.ai_risk_and_compliance_business_user]

    		 The ​AI Risk and Compliance User can perform the following tasks:
    • Create AI case on the Employee Center.
    • Work on the assigned tasks.
    • Perform control attestations.
    • sn_grc_workspace.assessment_template_configuration_reader
    • sn_smart_asmt.actor
    • sn_grc.business_user
    • sn_grc_workspace.user
    • sn_smart_asmt.assessment_reader
    • sn_compliance.control_framework_business_user*
    • sn_compliance.library_business_user*
    • sn_compliance.policy_business_user*

    AI Risk and Compliance Reader

    [sn_grc_ai_gov.ai_risk_and_compliance_reader]

    		 ​The AI Risk and Compliance Reader can have read access to the AI systems and AI impact assessments.
    • sn_risk.reader
    • sn_grc_workspace.user
    • sn_compliance.library_reader*
    • sn_compliance.control_framework_reader*
    • sn_compliance.policy_reader*

    AI System Reader

    [sn_grc_ai_gov.ai_risk_and_compliance_ai_system_reader]

    		 ​The AI System Reader can have read access to the AI systems on AI Control Tower workspace and AI Risk and Compliance workspace.​ NA​

    AI Case Business User

    [sn_ai_case_mgmt.ai_case_business_user]

    		 The AI Case Business User can create ​AI case and AI inquiry on the Employee Center. sn_grc_case_mgmt.grc_case_business_user​

    AI Case Analyst

    [sn_ai_case_mgmt.ai_case_analyst]

    		 The AI Case Analyst can review the AI cases and AI inquiries assigned to them in the system and perform the following tasks only on the assigned records:
    • Identify and manage impacted and related areas such as policies, regulations, and enterprise wide compliance risks.
    • Identify and manage issues related to impacted areas to eliminate the root causes.
    • sn_grc_case_mgmt.grc_case_analyst
    • sn_ai_case_mgmt.ai_case_business_user

    AI Case Manager

    [sn_ai_case_mgmt.ai_case_manager]

    		 The AI Case Manager can review all the AI cases, AI inquiries, and its associated information.
    • sn_ai_case_mgmt.ai_case_analyst
    • sn_grc_case_mgmt.grc_case_manager

    AI Case Admin

    [sn_ai_case_mgmt.ai_case_admin]

    		 The AI Case Admin can manage type profiles to segregate AI cases. They can set up assignment rules and delete AI cases.
    • sn_grc_case_mgmt.grc_case_admin
    • sn_ai_case_mgmt.ai_case_manager