Removing assignments from container vulnerable items and remediation tasks

  • Release version: Xanadu
  • Updated May 29, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Removing assignments from container vulnerable items and remediation tasks

    ServiceNow enables you to clear theAssigned toandAssignment groupfields on container vulnerable items (CVITs) and remediation tasks (CVULs) when you determine these records are incorrectly assigned or outside your remediation scope. This unassignment capability is available directly from CVIT and CVUL records in both classic and workspace views, improving assignment accuracy and workload distribution.

    Show full answer Show less

    Unassign Workflow and Approval Process

    The Unassign UI action appears on CVIT and CVUL records except when they are in the Closed or Resolved state. When a remediation owner initiates unassignment, the system can trigger an approval workflow based on the snvul.unassignvr.approvalrequired system property.

    • If approval is enabled (default), a state change approval record is created and routed to users with the snvulcontainer.unassignapprover role. They can approve or reject the unassignment request.
    • Vulnerability administrators can disable this approval process by setting the system property to false.

    Upon approval of unassignment for a CVUL, all CVITs linked with the same assignment group are also unassigned, except those manually assigned differently.

    System Properties for Assignment Management

    Two key system properties allow customization of assignment behaviors:

    • snvul.unassignvr.approvalrequired — Controls whether unassignment requests require approval.
    • snvul.defaultassignmentgroup — Specifies a default assignment group to receive records when the assignment fields are cleared. This enables automatic routing to a designated group for review instead of leaving records unassigned.

    Practical Benefits for ServiceNow Customers

    • Improves accuracy of assignment for container vulnerabilities and remediation tasks by enabling self-service unassignment when records are incorrectly routed.
    • Supports governance and control through configurable approval workflows before unassignments take effect.
    • Enables automatic reassignment to a default group to maintain accountability and visibility of unassigned records.
    • Facilitates better tracking by listing unassigned records in a dedicated module for Container Vulnerability Response.

    You can clear the Assigned to and Assignment group fields on container vulnerable items directly from the container vulnerable item and remediation task records that you determine might be incorrectly assigned to you or your groups.

    Overview for the workflow

    If you determine that container vulnerable items (CVITs) and remediation tasks (CVULs) aren't within your scope for remediation, or if you think that records have been incorrectly assigned to you or to your groups, you can remove yourself or your groups from the Assigned to and Assignment group fields on CVIT and CVUL records.

    The unassign workflow is supported both classic and workspace views for CVITs and CVULs.

    You have the option to send requests to clear the assignment fields for approval. See Approve or reject an unassign request in Vulnerability Response and Removing assignments from vulnerable items and remediation tasks for more information.

    • The Unassign UI action is displayed on CVIT and CVUL records in any state other than the Closed or Resolved.
      Note:
      After the request to clear the fields is approved for a CVUL, all the Assigned to and Assignment group fields on CVITs that have the same assignment group are unassigned. If any CVIT on a CVUL has a different assignment group than its associated CVUL, it is not unassigned. In most cases these CVITs have been manually assigned. See Container Vulnerability Response remediation tasks and task rules overview and Removing assignments from vulnerable items and remediation tasks for more information.
    • Any records that you update with either the UI action or manually are displayed on the Unassigned module for Container Vulnerability Response.

    See Remove assignments from vulnerable items and remediation tasks for more information about the steps for how to clear the assignment fields.

    System properties and approval notifications

    If a remediation owner selects Unassign on a record, by default, the sn_vul.unassign_vr.approval_required system property triggers the approval flow and creates a state change approval record in the Review state, and the request is routed for approval. The request is displayed on the My Approvals list for users with the sn_vul_container.unassign_approver.

    Note:
    As a vulnerability administrator [sn_vul.vulnerability_admin], you can set the sn_vul.unassign_vr.approval_required system property to false to disable the approval process.

    Additionally, you can change the value in the sn_vul.default_assignment_group system property so if the assignment fields are cleared, a specific group is assigned. For example, if a user clicks Unassign on a record and you want to redirect it to a specific group for review, you can add the system ID for the group of your choice in the value field of the system property.

    Note:
    If you change this value, notifications for all the VITs, AVITs, and CVITs that are unassigned are sent to the group you specify.