Roles installed with Operational Resilience

  • Release version: Australia
  • Updated May 30, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Roles installed with Operational Resilience

    The Operational Resilience application in ServiceNow installs several predefined roles designed to manage and operate various aspects of operational resilience, business continuity management (BCM), and integrated risk management (IRM). These roles define responsibilities from administration and management to user-level access, enabling customers to configure, monitor, and report on resilience activities effectively.

    Show full answer Show less

    Key Roles and Their Responsibilities

    • Operational Resilience Administrator (snoperres.admin): Handles configuration of scenarios, entity types, filters, and dashboard reports. Requires the ITIL role for CMDB relationship setup. This role includes administrative and case management privileges.
    • Operational Resilience Manager (snoperres.manager): Oversees operational resilience through dashboards and reports, with permissions to submit operational vulnerabilities.
    • Operational Resilience User (snoperres.user): Reviews dashboards, completes impact tolerance and test plans, and accesses vulnerability response data. Can submit operational vulnerability reports from the employee center.
    • BCM and Operational Resilience Roles: Include Administrator, Manager, and User roles that integrate BCM and Operational Resilience responsibilities. The BCM and Operational Resilience User can view BCM UIB Workspace but cannot access IRM reports.
    • IRM Operational Resilience Roles: Administrator, Manager, and User roles focused on IRM, allowing access to Operational Resilience Workspace but restricting BCM data access. These roles are contingent on policy, compliance, and risk management plugin installations.
    • Incident Reporting Roles: Specific roles for managing and participating in Digital Resilience incident reporting activities.

    Role Families and Lite Apps

    When Lite Apps for BCM or IRM are installed, specialized roles (e.g., snoperres.bcmopresuser, snoperres.irmopresuser) are introduced to provide appropriate access levels and count users as Lite operators. These roles enable users to access respective configurable workspaces but restrict access to complementary areas like Compliance or Risk Workspaces unless additional roles are assigned.

    Access to Workspaces

    • Operational Resilience and BCM Workspace Access: Granted to users with BCM Operational Resilience roles (User, Manager, Admin).
    • Operational Resilience Workspace Access: Available to users with IRM Operational Resilience roles.
    • Risk Workspace Access: Requires specific risk manager roles.
    • Compliance Workspace Access: Requires designated compliance analyst or manager roles.

    Plugin Dependencies

    • BCM Professional: Automatically installs required applications like Business Continuity Planning, Business Impact Analysis, Crisis Management, and Data Relationships Framework. BCM Professional customers cannot install IRM plugins, so some GRC roles (sngrc.reader, manager, admin) are unavailable unless IRM Professional plugins are installed.
    • IRM Professional: Requires manual installation of Advanced Risk Assessment, Data Relationships Framework, Policy and Compliance Management, and Risk Management applications. Installing these plugins grants users GRC roles needed for comprehensive access.

    Practical Implications for ServiceNow Customers

    Understanding and assigning the correct roles is crucial for enabling users to perform their operational resilience tasks effectively. The role structure ensures segregation of duties between administration, management, and operational users, as well as between BCM and IRM domains. Customers must also consider plugin dependencies to unlock full functionality, especially when combining BCM and IRM capabilities. Proper role assignment ensures secure access to workspaces, reporting features, and incident management functions, supporting compliance and risk mitigation objectives within the ServiceNow platform.

    Several types of roles are installed with the Operational Resilience application.

    Roles that are installed with Operational Resilience

    Note:
    For more information on roles and FAQs, see KB0555605.
    Table 1. Roles installed with Operational Resilience
    Role name Description
    Operational Resilience administrator

    [sn_oper_res.admin]

    		 The Operational Resilience administrator is responsible for:
    • Configuring scenarios
    • Setting up entity types, entity filters, and reporting pillars based on dashboard requests from the business teams.
    • Customizing reports on the Operational Resilience dashboard.

    The Operational Resilience administrator should have the ITIL role to add the CMDB relationship between the service and the process.

    The Operational Resilience administrator role contains the following roles:
    • sn_grc.admin
    • sn_oper_res.manager
    • Contains sn_grc_case_mgmt.grc_case_admin, who inherits the ability to set up the vulnerability type, state models, vulnerability assessment templates, and document templates.
    Operational Resilience Manager

    [sn_oper_res.manager]

    		 The Operational Resilience Manager is responsible for:
    • Ensuring operational resilience in the organization using the dashboards and reports
    • Reviewing reports on the Operational Resilience dashboard, as well as supporting data.
    The Operational Resilience Manager role contains the following roles:
    • sn_grc.manager
    • sn_compliance.reader
    • sn_oper_res.user
    • sn_risk.reader
    • Contains sn_grc_case_mgmt.grc_case_manager, who inherits the ability to submit operational vulnerability (A type of case).
    Operational Resilience User

    [sn_oper_res.user]

    		 The Operational Resilience User is responsible for:
    • Reviewing reports on the Operational Resilience dashboard, as well as supporting data.
    • Completing impact tolerance and test plans for individuals assigned to the service impact analysis.

    The Operational Resilience User can access the Vulnerability Response data.

    The Operational Resilience User role contains the following roles:
    • sn_incident.read
    • sn_grc.reader
    • task_editor
    • Contains sn_grc_case_mgmt.grc_case_business_user, who can be assigned tasks or issues in the operational vulnerability.
    sn_oper_res.operational_resilience_business_user

    Submits "Report operational vulnerability" from the employee center from: instancename/esc?id=emp_taxonomy_topic&topic_id=14aedd93a314121051b1ab18951e6150&in_context=true
    BCM and Operational Resilience Administrator [sn_oper_res.bcm_opres_admin] The BCM and Operational Resilience Administrator role contains the following roles:
    • sn_oper_res.bcm_opres_manager
    • sn_oper_res.admin
    BCM and Operational Resilience Manager [sn_oper_res.bcm_opres_manager] The BCM and Operational Resilience Manager role contains the following roles:
    • sn_oper_res.bcm_opres_user
    • sn_oper_res.manager
    BCM and Operational Resilience User [sn_oper_res.bcm_opres_user] The BCM and Operational Resilience User role has the following permissions:
    • Can read the BCM UIB Workspace.
    • Cannot access the IRM reports or data.
    The BCM and Operational Resilience User role contains the following roles:
    • sn_bcm.viewer
    • sn_oper_res.user
    IRM Operational Resilience User [sn_oper_res.irm_opres_user]
    The Integrated Risk Management (IRM) Operational Resilience User role cannot access the BCM reports and data. It contains:
    • sn_grc.reader
    • sn_oper_res.user
    The following user roles are contained only when policy and compliance management and risk management are installed:
    • sn_compliance.reader
    • sn_risk.reader
    IRM Operational Resilience Administrator [sn_oper_res.irm_opres_admin] The IRM Operational Resilience Administrator role contains the following roles:
    • sn_oper_res.irm_opres_manager
    • sn_oper_res.admin
    IRM Operational Resilience Manager [sn_oper_res.irm_opres_manager] The IRM Operational Resilience Manager role contains the following roles:
    • sn_oper_res.irm_opres_user
    • sn_oper_res.manager
    Table 2. Model types when Lite Apps are installed
    Roles

    Family

    		 Comments
    sn_oper_res.admin IRM None
    sn_oper_res.manager IRM None
    sn_oper_res.user IRM The sn_oper_res.user role is required to access Vulnerability profile records.
    New roles introduced
    sn_oper_res.bcm_opres_admin BCM

    The sn_bcm.viewer role is required to access the BCM Configurable Workspace.​

    A user with the sn_oper_res.bcm_opres_user+ role can access both Operational Resilience Workspace and BCM Configurable Workspace.
    sn_oper_res.bcm_opres_manager BCM
    sn_oper_res.bcm_opres_user BCM
    sn_oper_res.irm_opres_admin IRM

    A user with the sn_oper_res.irm_opres_user+​ role can access the Operational Resilience Workspace, but cannot access the Compliance Workspace and Risk Workspace. ​

    Extra roles are needed to access the Compliance Workspace and Risk Workspace.
    sn_oper_res.irm_opres_manager IRM
    sn_oper_res.irm_opres_user IRM

    Roles created for BCM Professional and IRM Professional

    • The following roles are created for the BCM Professional users:
      Note:
      When the app-grc-bcm-lite applications are not installed, the users with these roles are counted as operators.
      • sn_oper_res.bcm_opres_admin
      • sn_oper_res.bcm_opres_manager
      • sn_oper_res.bcm_opres_user
    • The following roles are created for the IRM Professional users:
      Note:
      When the app-grc-bcm-lite applications are not installed, the users with these roles are counted as operators.
      • sn_oper_res.irm_opres_admin
      • sn_oper_res.irm_opres_manager
      • sn_oper_res.irm_opres_user​
    • When the following Lite applications are installed, the users with the sn_oper_res.bcm_opres_user, sn_oper_res.irm_opres_user, or sn_oper_res.user roles are counted as Lite operators.
      • BCM Lite application: app-grc-bcm-lite (Plugin id: com.snc.app_grc_bcm_lite)​
      • IRM Lite application: app-grc-business-user-lite (Plugin id: com.sn_grc_lite)​
    • The sn_oper_res.admin, sn_oper_res.manager, and sn_oper_res.user roles are included in IRM.

    Roles required for accessing the Workspaces

    A user with one of the following roles can access the Operational Resilience Workspace and BCM Configurable Workspace:
    • sn_oper_res.bcm_opres_user​
    • sn_oper_res.bcm_opres_manager​
    • sn_oper_res.bcm_opres_admin
    ​A user with any following role can access the Operational Resilience Workspace:
    • sn_oper_res.irm_opres_user
    • sn_oper_res.irm_opres_manager
    • sn_oper_res.irm_opres_admin
    A user with one of the following roles can access the Risk Workspace:
    • sn_risk_workspace.business_op_risk_manager​
    • sn_risk_workspace.IT_risk_manager​
    • sn_risk_workspace.operational_risk_manager​
    A user with one of the following roles can access the Compliance Workspace:
    • sn_compliance_ws.corporate_compliance_analyst​
    • sn_compliance_ws.corporate_compliance_manager​
    • sn_compliance_ws.it_compliance_manager​

    Roles used for reporting the incidents

    The following roles are used for reporting incidents in the Digital resilience incident reporting module.
    Table 3. Roles used for reporting the incidents
    Role Description
    sn_dri_inc_rptg.digital_resilience_incident_admin Role for setting up administrative and Digital resilience incident activities.
    sn_dri_inc_rptg.digital_resilience_incident_manager Role for creating Operational Resilience and Digital resilience incident activities.
    sn_dri_inc_rptg.digital_resilience_incident_user Role for participating in Operational Resilience and Digital resilience incident activities.

    Plugin dependencies for BCM Professional

    For BCM Professional, the following mandatory applications are installed with Operational Resilience.
    • Business Continuity Planning (com.snc.bcm.app_bcm_planning)
    • Business Impact Analysis (com.snc.bcm.app_bcm_bia)
    • Crisis Management (com.snc.bcm.app_bcm_exercise)
    • Data Relationships Framework (com.sn_app_grc_relationship_config)
    • Optional: Vulnerability Response (com.snc.vulnerability)

    Plugin dependencies for IRM Professional

    For IRM Professional, the following applications are required and must be installed manually with Operational Resilience.
    • Advanced Risk Assessment (com.sn_risk_advanced)
    • Data Relationships Framework (com.sn_app_grc_relationship_config)
    • Policy and Compliance Management (com.sn_compliance)
    • Risk Management (com.sn_risk)
    • Optional: Vulnerability Response (com.snc.vulnerability)