Pre-requisites to enable policy redlining feature

  • Release version: Australia
  • Updated March 12, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Pre-requisites to enable policy redlining feature

    The policy redlining feature in the ServiceNow Compliance Workspace enables policy collaborators to create, update, and manage policy documents with integrated redlining capabilities. This feature is currently available exclusively to ServiceNow cloud-based customers and requires specific configurations and integrations with cloud hosting services such as Microsoft OneDrive, Microsoft SharePoint, or Google Drive.

    Show full answer Show less

    Key Configuration Requirements

    • Cloud Hosting Integration: You must connect to exactly one cloud hosting service—either Microsoft (covering OneDrive and SharePoint) or Google Drive—to enable document management through the policy redlining feature.
    • Spokes and Frameworks: Required Integration Hub spokes include Microsoft OneDrive, Microsoft SharePoint, and Google Drive spokes, along with their respective Document Services Framework versions. Note that Integration Hub transactions for Microsoft and Google integrations may require additional Automation Engine or Integration Hub entitlements beyond those included in Compliance Workspace.
    • Microsoft Azure App Permissions: For Microsoft OneDrive and SharePoint integration, configure delegated Azure App permissions including openid, profile, Files.ReadWrite, offlineaccess, User.Read, and for SharePoint specifically, Sites.Read.All and Sites.ReadWrite.All. These permissions enable secure authentication, file access, token refresh, and site content management necessary for redlining.
    • Google Drive Setup: Requires setting up the Google Drive spoke account and integrating Document Services Framework for Google Drive, as well as integrating with Google Docs for document editing within ServiceNow.
    • System Properties Configuration: In ServiceNow, navigate to All > Policy and Compliance > Administration > GRC properties to select your cloud hosting service via the property Select a file sharing service to host documents and attachments. Options include OneDrive, SharePoint, Google Drive, or None (which allows importing policy text without cloud storage).
    • Default Folder Path: Set the default folder path for document storage within the chosen cloud service, allowing logical organization of policy files.
    • User Roles: Assign the mpdocumentuser role to users who will perform redlining activities, as it grants access to policy redlining document-related tables. Additionally, the sncompliance.user role supports compliance functionalities.
    • Administrator Responsibilities: System administrators are responsible for establishing cloud hosting connections, enabling system properties, and assigning necessary roles to policy redlining users.

    Practical Impact for ServiceNow Customers

    By completing these pre-requisites, ServiceNow customers can leverage the policy redlining feature to collaboratively edit and manage policy documents securely within the Compliance Workspace. The integrations with Microsoft or Google cloud services allow seamless document access, editing, and version control, improving policy governance and collaboration efficiency.

    This setup ensures that policy collaborators have authenticated, authorized access to documents, can work offline as needed, and maintain compliance with organizational policies through controlled document management.

    Certain configurations are required to be set up for policy collaborators to use the policy redlining feature in the Compliance Workspace.

    Important:

    Currently, the policy authoring and redlining feature is available exclusively to ServiceNow cloud-based customers.

    Spoke support for cloud hosting services

    Spokes required for Policy authoring – integration with Microsoft Office 365
    • Microsoft OneDrive Spoke – 2.1.1
    • Microsoft OneDrive Spoke for Document Service Framework – 1.0.5
    Spokes required for Policy authoring – integration with Microsoft SharePoint
    • Microsoft OneDrive spoke 2.3.1
    • Document services framework for OneDrive – 2.0.0
    Spokes required for Policy authoring – integration with Google Drive
    • Document Service Framework for Google Drive Spoke – 1.0.1
    • Google Drive Spoke – 1.4.1
    Note:
    Integration Hub entitlements included in the Compliance Workspace are for Policy authoring – integration with O365 and integration with Google Drive. Using Microsoft integration or Google Drive integration requires Integration Hub transactions not included in the Compliance Workspace product but requires an Automation Engine or Integration Hub entitlement.

    Connecting to cloud hosting services

    If you’re a policy collaborator wanting to use the policy redlining feature in the Compliance Workspace, then you must set up the following configurations.
    Note:
    You can establish a connection with only one of the following cloud hosting services: either Microsoft or Google Drive.

    Microsoft implies both Microsoft OneDrive and Microsoft SharePoint.

    Establish a connection with cloud hosting services
    Connection with Microsoft OneDrive
    You must first set up the Microsoft OneDrive to perform actions in Microsoft OneDrive from ServiceNow. For more information, see Setup Microsoft OneDrive for Document Services.
    Note:
    To set up connection you require the following delegated Microsoft Azure App permissions:
    • openid: Enables secure user authentication through Microsoft’s identity platform, ensuring that access to the Policy Redlining application is verified and trusted.
    • profile: Provides access to the basic profile information of the user, such as their name. This information is used to personalize the redlining experience and display relevant user details within the interface.
    • Files.ReadWrite: Allows the application to create, read, and update any files the user has permission to access. This is essential for opening, modifying, and saving policy documents during the redlining process on behalf of the authenticated user.
    • offline_access: Grants the ability to refresh access tokens even when the user is not actively logged in. This ensures continuous access to Microsoft resources without requiring frequent re-authentication.
    • User.Read: Allows the application to retrieve the signed-in user’s basic profile details. This is required for assigning or validating file permissions specific to that user during redlining activities.
    Connection with Microsoft SharePoint
    You must first set up the Microsoft SharePoint to perform actions in Microsoft SharePoint site from ServiceNow. For more information, see Setup Microsoft OneDrive for Document Services.

    The Microsoft OneDrive setup configured in ServiceNow is the same as that is done for Microsoft SharePoint as well. However, the Microsoft Azure App permissions are required for Microsoft SharePoint.

    Note:
    To set up connection, you require the following delegated Microsoft Azure App permissions:
    • openid: Enables secure user authentication through Microsoft’s identity platform, ensuring that access to the Policy Redlining application is verified and trusted.
    • profile: Provides access to the user’s basic profile information (such as their name). This information is used to personalize the redlining experience and display relevant user details within the interface.
    • Files.ReadWrite: Allows the application to create, read, and update any files the user has permission to access. This is essential for opening, modifying, and saving policy documents during the redlining process on behalf of the authenticated user.
    • offline_access: Grants the ability to refresh access tokens even when the user is not actively logged in. This ensures continuous access to Microsoft resources without requiring frequent re-authentication.
    • User.Read: Allows the application to retrieve the signed-in user’s basic profile details. This is required for assigning or validating file permissions specific to that user during redlining activities.
    • Sites.Read.All: Allows the application to read content across SharePoint sites. This is needed to verify that the user has permission to access the document located in the specified SharePoint site URL, Validate if user has provided a valid site url, validate if user has access to the site they are accessing.
    • Sites.ReadWrite.All: Allows the application to read and write content across SharePoint sites. This is needed to create and update files in SharePoint document libraries. This is needed to verify that the user has permission to access the document located in the specified SharePoint site URL, Validate if user has provided a valid site url, validate if user has access to the site they are accessing.
    Connection with Google Drive
    To set up Google Drive as a cloud hosting service and to create or update the policy text document that resides in Google Drive, you must:
    1. Set up Google Drive spoke account.
    2. Integrate the Document Services with Google Drive. For more information, see Document Services Framework for Google Drive.
    3. To manage documents in Google Docs from your ServiceNow instance, you must integrate the ServiceNow instance with Google docs. For more information, see Set up the Google Docs.

    Setting up system properties to connect with cloud hosting services

    Enable system properties to use policy redlining in Compliance Workspace
    1. Navigate to All > Policy and Compliance > Administration > GRC properties.
      1. To opt Microsoft OneDrive as your cloud hosting service, select One drive in the Select a file sharing service to host documents and attachments system property list.

        If you select None in the Select a file sharing service to host documents and attachments system property list, then you can import the policy text. For more information, see Import policy text for redlining.

      2. To opt Google Drive as your cloud hosting service, select Google drive in the Select a file sharing service to host documents and attachments system property list.
      3. To opt Microsoft SharePoint, select SharePoint in the Select a file sharing service to host documents and attachments system property list.
    2. Set the folder path that is to be created in Microsoft OneDrive in the Default folder path where documents and attachments will be located. You can organize files in sub-folders within this path system property list.
    Provide mp_document_user role
    The mp_document_user role is required to access policy redlining document-related tables. This role is required for users using the policy redlining feature to create, update, and delete the related documents.

    As a sys admin you can establish the cloud hosting connection, enable system properties, and provide the mp_document_user role and compliance user (sn_compliance.user) role for the policy redlining users.