Roles installed with AI Risk and Compliance

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Roles installed with AI Risk and Compliance

    The AI Risk and Compliance application provides a set of predefined roles designed to facilitate the management of AI assets, risk assessments, impact assessments, and compliance activities within enterprises using ServiceNow. These roles enable users to perform operational tasks aligned with their responsibilities, ensuring governance and control over AI systems and related processes.

    Show full answer Show less

    Key Roles and Their Capabilities

    • AI Risk and Compliance Admin: Full administrative access to set up and configure risk and impact assessment frameworks, methodologies, automation rules, AI case types, and entity-based access controls. This role requires the GRC: Entity Based Access application to be installed.
    • AI Risk and Compliance Manager: Can access all AI systems to initiate and manage impact assessments, risk assessments, control attestations, and AI system life cycles. Also manages bulk access configurations. Requires GRC: Entity Based Access application for full functionality.
    • AI Risk and Compliance Analyst: Access limited to assigned AI systems to initiate impact and risk assessments, manage AI system life cycles, and perform control attestations on assigned records.
    • AI Risk and Compliance Business User: Creates AI cases via Employee Center, works on assigned tasks, and performs control attestations.
    • AI Risk and Compliance Reader: Provides read-only access to AI systems and AI impact assessments.
    • AI System Reader: Read-only access to AI systems within AI Control Tower and AI Risk and Compliance workspaces.
    • AI Case Business User: Enables creation of AI cases and inquiries via Employee Center.
    • AI Case Analyst: Reviews assigned AI cases and inquiries, identifies and manages impacted areas such as policies and compliance risks, and addresses root causes of issues.
    • AI Case Manager: Reviews all AI cases and inquiries along with associated information across the system.
    • AI Case Admin: Manages AI case type profiles, assignment rules, and has the ability to delete AI cases.

    Practical Implications for ServiceNow Customers

    By assigning appropriate roles from this set, organizations can ensure clear segregation of duties and controlled access for managing AI risk and compliance processes. The roles facilitate structured governance, allowing administrators to configure frameworks and managers or analysts to perform assessments and handle AI case management efficiently. Some roles require installation of the GRC: Entity Based Access application for enhanced access control capabilities.

    Understanding these roles helps customers tailor user permissions to align with organizational policies, enhancing security and operational efficiency in AI governance within ServiceNow.

    The AI Risk and Compliance installs the essential roles to perform respective day-to-day operational tasks for managing AI assets across the enterprise.

    Table 1. Roles and their descriptions
    Role title [name] Description Contains roles

    AI Risk and Compliance Admin

    [sn_grc_ai_gov.ai_risk_and_compliance_admin]

    		 ​The AI Risk and Compliance Admin can perform the following tasks:
    • Set up risk and impact assessment frameworks. Configure risk assessment methodologies, risk contribution factors, and impact assessment templates.
    • Define automation rules for impact assessments to determine applicable risks and controls based on the assessment responses.
    • Set up and profile AI case types.
    • Delete AI systems.
    • Enable or disable Entity-Based Access for record types associated with entity properties, and configure the Entity-Based Access settings as needed.
      Note:
      GRC: Entity Based Access application must be installed to use this feature.
    • sn_smart_asmt.template_manager
    • sn_grc_ai_gov.ai_risk_and_compliance_manager
    • sn_smart_asmt.assessment_admin
    • sn_grc_workspace.state_model_admin
    • sn_smart_asmt.template_contributor
    • sn_ai_case_mgmt.ai_case_admin
    • sn_reg_body_mgmt.writer
    • sn_risk_advanced.ara_admin
    • sn_rec_pg_vertical.admin
    • sn_grc_ent_access.admin
      Note:
      GRC: Entity Based Access application must be installed for this role to be available.

    AI Risk and Compliance Manager

    [sn_grc_ai_gov.ai_risk_and_compliance_manager]

    		 ​The AI Risk and Compliance Manager can access all AI systems on the system and perform the following tasks:​
    • Initiate impact assessments.
    • Manage the life cycle of an AI system.
    • Initiate risk assessments.
    • Initiate control attestations.
    • Write and update access to the bulk access update configuration.
      Note:
      GRC: Entity Based Access application must be installed to use this feature.
    • sn_grc_ai_gov.ai_risk_and_compliance_analyst
    • sn_smart_asmt.template_contributor
    • sn_smart_asmt.template_manager
    • sn_risk_advanced.risk_asmt_project_manager
    • sn_ai_case_mgmt.ai_case_manager
    • sn_grc_ent_access.bulk_access_config_admin
      Note:
      GRC: Entity Based Access application must be installed for this role to be available.

    AI Risk and Compliance Analyst

    [sn_grc_ai_gov.ai_risk_and_compliance_analyst]

    		 The AI Risk and Compliance Analyst can access all AI systems assigned to them in the system and perform the following tasks only on the assigned records:
    • Initiate impact assessments.
    • Manage the life cycle of an AI system.
    • Initiate risk assessments.
    • Initiate control attestations.
    • sn_ai_case_mgmt.ai_case_analyst
    • sn_smart_asmt.assessment_reader
    • sn_smart_asmt.template_reader
    • sn_grc_ai_gov.ai_risk_and_compliance_business_user
    • sn_grc_ai_gov.ai_risk_and_compliance_reader
    • sn_grc_workspace.user
    • sn_grc_workspace.state_model_reader
    • sn_risk_advanced.ara_creator
    • sn_risk_advanced.ara_assessor
    • sn_risk_advanced.ara_approver
    • sn_risk_advanced.risk_asmt_project_user

    AI Risk and Compliance Business User

    [sn_grc_ai_gov.ai_risk_and_compliance_business_user]

    		 The ​AI Risk and Compliance User can perform the following tasks:
    • Create AI case on the Employee Center.
    • Work on the assigned tasks.
    • Perform control attestations.
    • sn_grc_workspace.assessment_template_configuration_reader
    • sn_smart_asmt.actor
    • sn_grc_workspace.user
    • sn_smart_asmt.assessment_reader
    • sn_risk_advanced.risk_asmt_project_reader
    Note:
    For more information on AI Control Tower roles, see AI Control Tower roles.

    AI Risk and Compliance Reader

    [sn_grc_ai_gov.ai_risk_and_compliance_reader]

    		 ​The AI Risk and Compliance Reader can have read access to the AI systems and AI impact assessments.
    • sn_grc_workspace.user
    • sn_grc_workspace.state_model_reader

    AI System Reader

    [sn_grc_ai_gov.ai_risk_and_compliance_ai_system_reader]

    		 ​The AI System Reader can have read access to the AI systems on AI Control Tower workspace and AI Risk and Compliance workspace.​ NA​

    AI Case Business User

    [sn_ai_case_mgmt.ai_case_business_user]

    		 The AI Case Business User can create ​AI case and AI inquiry on the Employee Center. sn_grc_case_mgmt.grc_case_business_user​

    AI Case Analyst

    [sn_ai_case_mgmt.ai_case_analyst]

    		 The AI Case Analyst can review the AI cases and AI inquiries assigned to them in the system and perform the following tasks only on the assigned records:
    • Identify and manage impacted and related areas such as policies, regulations, and enterprise-wide compliance risks.
    • Identify and manage issues related to impacted areas to eliminate the root causes.
    • sn_grc_case_mgmt.grc_case_analyst
    • sn_ai_case_mgmt.ai_case_business_user

    AI Case Manager

    [sn_ai_case_mgmt.ai_case_manager]

    		 The AI Case Manager can review all the AI cases, AI inquiries, and its associated information.
    • sn_ai_case_mgmt.ai_case_analyst
    • sn_grc_case_mgmt.grc_case_manager

    AI Case Admin

    [sn_ai_case_mgmt.ai_case_admin]

    		 The AI Case Admin can manage type profiles to segregate AI cases. They can set up assignment rules and delete AI cases.
    • sn_grc_case_mgmt.grc_case_admin
    • sn_ai_case_mgmt.ai_case_manager