Cloud Account Management ACL groups, roles, and responsibilities

  • Release version: Zurich
  • Updated July 31, 2025

    Access control lists (ACLs), groups, and roles in Cloud Account Management control how access permissions are organized and managed within a cloud environment.

    Groups and roles in Cloud Account Management

    Table 1. Cloud Account Management groups and responsibilities
    Group: ITOM Cloud Account Management requester group
    Role: sn_itom_cam.cw_requester
    Responsibilities:
    • Initiates cloud account requests: Triggers the process for creating cloud accounts.
    • Justifies account creation: Provides clear and compelling reasons for why each cloud account is needed.
    • Gathers and submits account information: Collects and submits all the necessary details required for successful cloud account creation.
    • Manages account status: Requests suspension or reactivation of cloud accounts as needed.

    Group: ITOM Cloud Account Management approver group
    Role: sn_itom_cam.cw_approver
    Responsibilities:
    • Evaluates and approves account requests: Reviews account creation requests, carefully assessing their validity and alignment with budget constraints. Following this evaluation, the administrator approves or denies the request.
    • Verifies budgetary compliance: Confirms that the requested cloud account aligns with available budgetary resources before granting approval.
    • Communicates decisions with clear rationale: Clearly communicates the approval or denial decision to the requester by adding a comment to the request itself. This comment should provide a concise and informative explanation for the decision.

    Group: ITOM Cloud Account Management admin group
    Role: sn_itom_cam.cw_admin
    Responsibilities:
    • Verifies configuration alignment: Verifies that Cloud Account Management configurations are consistent and aligned with both cloud provider configurations and Terraform configurations. This process promotes secure access management practices across all environments.
    • Provisions cloud accounts: Configures the cloud context to provision new cloud accounts, streamlining the account creation process.
    • Troubleshoots provisioning issues: Diagnoses and resolves any problems encountered during cloud account provisioning, promoting successful account creation.
    • Customizes data certification policy: Tailors the Cloud Account Management default data certification policy to meet specific organizational requirements, promoting appropriate data handling procedures.
    • Manages all accounts: Oversees all cloud accounts, including CW-managed accounts and on-boarded accounts, guaranteeing centralized control and visibility.

    Group: ITOM Cloud Account Management certifier group
    Role: sn_itom_cam.cw_certifier
    Responsibilities:
    • Certifies discovered accounts: Reviews discovered accounts listed in the Subscription Accounts tab and designates them as certified if they meet compliance standards or failed if they don't. This process verifies proper vetting and ongoing monitoring of cloud accounts.
    • Manages verification tasks: Accesses and reviews verification tasks associated with cloud accounts. Following review, the administrator can certify tasks to indicate their successful completion.

    How they work together

    Table 2. Cloud Account Management groups and responsibilities
    Group: ITOM Cloud Account Management requester group
    Role: sn_itom_cam.cw_requester
    Responsibilities:
    • Initiates cloud account requests: Triggers the process for creating cloud accounts and provides the information for creating the account.
    • Manages account status: Requests suspension or reactivation of cloud accounts.

    Group: ITOM Cloud Account Management approver group
    Role: sn_itom_cam.cw_approver
    Responsibilities:
    • Evaluates and approves account requests.
    • Verifies budgetary compliance of requested cloud accounts and alignment with available budgetary resources.

    Group: ITOM Cloud Account Management certifier group
    Role: sn_itom_cam.cw_certifier
    Responsibilities:
    • Certifies discovered accounts.
    • Accesses and reviews verification tasks associated with cloud accounts.

    Group: ITOM Cloud Account Management admin group
    Role: sn_itom_cam.cw_admin
    Responsibilities:
    • Verifies that Cloud Account Management configurations are consistent and aligned with both cloud provider configurations and Terraform configurations.
    • Provisions cloud accounts.
    • Troubleshoots provisioning issues: Diagnoses and resolves any problems encountered during cloud account provisioning.
    • Customizes data certification policies to meet specific organizational requirements.
    • Oversees all cloud accounts, including CW-managed and on-boarded accounts, guaranteeing centralized control and visibility.

    To return to the main topic, see Exploring Cloud Account Management.