Roles in Service Operations Workspace for ITSM

  • Release version: Australia
  • Updated January 30, 2025
  • 3 minutes to read

    • You can configure the user access for Service Operations Workspace (SOW) pages using various roles.

    Table 1. Roles in Service Operations Workspace for ITSM
    Role Description Inherited roles
    itil Provides access to all SOW pages. sn_sow.sow_user
    sn_sow.sow_user Provides access to SOW. By default, the itil role contains the sn_sow.sow_user. In case a user has roles other than itil, ensure that sn_sow.sow_user role is assigned to the user to access SOW. None
    sn_sow.sow_home Provides access to SOW home (landing) page. sn_sow.sow_user
    sn_sow.sow_list Provides access to SOW list pages. sn_sow.sow_user
    admin Provides access to all the pages in SOW including SOW Admin Center.

    A user with this role can perform configurations for all modules in SOW Admin Center.

    		 None
    sn_sow_itsm_admin.sow_admin_user Provides access to SOW Admin Center pages for SOW configuration. A user with this role can perform configurations related to Incident Management only. None
    sn_sow_admin.sow_admin_center_user Enables change managers to access the SOW Admin Center page. Change managers can use configurations for change features like modern change adoption, change models, DevOps change automation, and so on. sn_ace.ace_user
    awa_agent Provides access to inbox in SOW. None
    sn_sow.it_agent_dashboard_user Provides access to IT Agent Dashboard. None
    Service desk agent

    [sn_service_desk_agent]

    		 Enables gathering, and verifying information, as well as delivering quick resolutions for tier 1 service desk agents. This user role is available when the ITSM Roles plugin (com.snc.itsm.roles) is installed.
    • sn_incident_write
    • sn_problem_write
    • sn_change_write
    • sn_request_write
    • tracked_file_reader
    With the installation of the ITSM Gen AI (com.sn.itsm.gen.ai) plugin, the following roles are also assigned:
    • knowledge_user
    • now_assist_panel_user
    Incident Management
    sn_incident_read Provides the read access to incident record pages. sn_sow.sow_home and sn_sow.sow_list

    So, users with the sn_incident_read role can access the SOW home (landing) and list pages.
    sn_incident_write Provides the write access to incident record pages. sn_sow.sow_home and sn_sow.sow_list

    So, users with the sn_incident_write role can access the SOW home (landing) and list pages.
    Problem Management
    problem_task_analyst Works on a problem task and manages it through its life cycle. None
    problem_coordinator Works on a problem or problem task and manages it through its life cycle. itil and problem_task_analyst
    problem_manager Responsible for the overall Problem Management process and can configure Problem Management settings, as well as act as a problem coordinator. problem_coordinator
    problem_admin A problem manager who can also delete problems and problem tasks. problem_manager
    sn_problem_read Provides the read access to problem record pages. sn_sow.sow_home and sn_sow.sow_list allow users with the sn_problem_read role to access the SOW home (landing) and list pages.
    sn_problem_write Provides the write access to problem record pages. sn_sow.sow_home and sn_sow.sow_list enable users with the sn_problem_write role to access the SOW home (landing) and list pages.
    Change Management
    sn_change_read Provides the read access to change record pages. sn_sow.sow_home and sn_sow.sow_list

    So, users with the sn_change_read role can access the SOW home (landing) and list pages.
    sn_change_write Provides the write access to change record pages. sn_sow.sow_home and sn_sow.sow_list

    So, users with the sn_change_write role can access the SOW home (landing) and list pages.
    change_manager Provides access to configurations related to Change Management in SOW Admin Center.
    • sn_sttrm_attribute_read
    • sn_sttrm_condition_read
    • sn_chg_soc.change_soc_admin
    • personalize_decision_table_input
    • sn_sow_admin.sow_admin_center_user
    • itil
    sn_devops.viewer Provides access to view or add DevOps data to a change request. None
    Request Management
    sn_request_read Provides the read access to request record pages. sn_sow.sow_home and sn_sow.sow_list

    So, users with the sn_request_read role can access the SOW home (landing) and list pages.
    sn_request_write Provides the write access to request record pages. sn_sow.sow_home and sn_sow.sow_list

    So, users with the sn_request_read role can access the SOW home (landing) and list pages.
    On-call Scheduling
    oc_read Provides the read access to Schedules page.

    Users with the oc_read role can access the On-call Schedules, Experts On-call, Escalation Tracking, Escalation Log, and other On-call features in Service Operations Workspace.
    Tip:
    If the user has a role that inherits SOW access (such as sn_incident_read) but cannot access the workspace, verify that:
    • id="ul_access_troubleshoot"
    • The ITSM Role plugin com.snc.itsm.roles is installed and active.
    • The user was assigned the role directly or via group membership.
    • No custom ACL is overriding the default role-based access for SOW pages.