Roles in Service Operations Workspace for ITSM
You can configure the user access for Service Operations Workspace (SOW) pages using various roles.
(com.snc.itsm.roles) before assigning the SOW user roles. Without this plugin, role inheritance chains such as (sn_incident_read inheriting
sn_sow.sow_home and sn_sow.sow_list) may not function correctly and users may not be able to access the SOW workspace even with the expected roles assigned.| Role | Description | Inherited roles |
|---|---|---|
| itil | Provides access to all SOW pages. | sn_sow.sow_user |
| sn_sow.sow_user | Provides access to SOW. By default, the itil role contains the sn_sow.sow_user. In case a user has roles other than itil, ensure that sn_sow.sow_user role is assigned to the user to access SOW. | None |
| sn_sow.sow_home | Provides access to SOW home (landing) page. | sn_sow.sow_user |
| sn_sow.sow_list | Provides access to SOW list pages. | sn_sow.sow_user |
| admin | Provides access to all the pages in SOW including SOW Admin Center. A user with this role can perform configurations for all modules in SOW Admin Center. |
None |
| sn_sow_itsm_admin.sow_admin_user | Provides access to SOW Admin Center pages for SOW configuration. A user with this role can perform configurations related to Incident Management only. | None |
| sn_sow_admin.sow_admin_center_user | Enables change managers to access the SOW Admin Center page. Change managers can use configurations for change features like modern change adoption, change models, DevOps change automation, and so on. | sn_ace.ace_user |
| awa_agent | Provides access to inbox in SOW. | None |
| sn_sow.it_agent_dashboard_user | Provides access to IT Agent Dashboard. | None |
| Service desk agent [sn_service_desk_agent] |
Enables gathering, and verifying information, as well as delivering quick resolutions for tier 1 service desk agents. This user role is available when the ITSM Roles plugin (com.snc.itsm.roles) is installed. |
With the installation of the ITSM Gen AI (com.sn.itsm.gen.ai) plugin, the following roles are also assigned:
|
| Incident Management | ||
| sn_incident_read | Provides the read access to incident record pages. | sn_sow.sow_home and sn_sow.sow_list So, users with the sn_incident_read role can access the SOW home (landing) and list pages. |
| sn_incident_write | Provides the write access to incident record pages. | sn_sow.sow_home and sn_sow.sow_list So, users with the sn_incident_write role can access the SOW home (landing) and list pages. |
| Problem Management | ||
| problem_task_analyst | Works on a problem task and manages it through its life cycle. | None |
| problem_coordinator | Works on a problem or problem task and manages it through its life cycle. | itil and problem_task_analyst |
| problem_manager | Responsible for the overall Problem Management process and can configure Problem Management settings, as well as act as a problem coordinator. | problem_coordinator |
| problem_admin | A problem manager who can also delete problems and problem tasks. | problem_manager |
| sn_problem_read | Provides the read access to problem record pages. | sn_sow.sow_home and sn_sow.sow_list allow users with the sn_problem_read role to access the SOW home (landing) and list pages. |
| sn_problem_write | Provides the write access to problem record pages. | sn_sow.sow_home and sn_sow.sow_list enable users with the sn_problem_write role to access the SOW home (landing) and list pages. |
| Change Management | ||
| sn_change_read | Provides the read access to change record pages. | sn_sow.sow_home and sn_sow.sow_list So, users with the sn_change_read role can access the SOW home (landing) and list pages. |
| sn_change_write | Provides the write access to change record pages. | sn_sow.sow_home and sn_sow.sow_list So, users with the sn_change_write role can access the SOW home (landing) and list pages. |
| change_manager | Provides access to configurations related to Change Management in SOW Admin Center. |
|
| sn_devops.viewer | Provides access to view or add DevOps data to a change request. | None |
| Request Management | ||
| sn_request_read | Provides the read access to request record pages. | sn_sow.sow_home and sn_sow.sow_list So, users with the sn_request_read role can access the SOW home (landing) and list pages. |
| sn_request_write | Provides the write access to request record pages. | sn_sow.sow_home and sn_sow.sow_list So, users with the sn_request_read role can access the SOW home (landing) and list pages. |
| On-call Scheduling | ||
| oc_read | Provides the read access to Schedules page. |
Users with the oc_read role can access the On-call Schedules, Experts On-call, Escalation Tracking, and other On-call features in Service Operations Workspace. |
sn_incident_read) but cannot access the workspace, verify that: - id="ul_access_troubleshoot"
- The ITSM Role plugin
com.snc.itsm.rolesis installed and active. - The user was assigned the role directly or via group membership.
- No custom ACL is overriding the default role-based access for SOW pages.
- For ACL-level issues, contact ServiceNow Support.