Roles installed with Operational Resilience

Release version: Zurich

Updated July 31, 2025

4 minutes to read

Summarize

Summarized using AI

Summary of Roles installed with Operational Resilience

The Operational Resilience application in ServiceNow Zurich release includes a set of predefined roles designed to manage and support operational resilience, business continuity management (BCM), and integrated risk management (IRM). These roles delineate responsibilities for administrators, managers, and users, enabling effective configuration, reporting, monitoring, and incident handling within the Operational Resilience framework.

Show full answer Show less

Key Roles and Their Responsibilities

Operational Resilience Administrator (snoperres.admin): Manages scenario configurations, entity types, filters, and dashboard customization. Requires ITIL role for CMDB relationships. Inherits administrative permissions including governance, risk, and compliance (GRC) setup.
Operational Resilience Manager (snoperres.manager): Oversees operational resilience using dashboards and reports. Contains roles for GRC and compliance reading, risk reading, and vulnerability case management.
Operational Resilience User (snoperres.user): Reviews dashboard reports, completes impact tolerance and test plans, and accesses Vulnerability Response data. Can submit operational vulnerabilities via the Employee Center.
BCM and Operational Resilience Roles: Include Administrator, Manager, and User roles combining BCM and Operational Resilience permissions. Users can access BCM UIB Workspace but not IRM reports.
IRM Operational Resilience Roles: Administrator, Manager, and User roles focused on IRM with access limited to Operational Resilience Workspace but not BCM or compliance/risk workspaces unless additional roles are granted.

Role Families and Lite App Integration

When BCM and IRM Lite applications are installed, specific roles such as snoperres.bcmopresuser and snoperres.irmopresuser are treated as Lite operators, granting access to corresponding workspaces. The roles are structured to allow customers to assign appropriate permissions based on their installed applications and required access levels to Operational Resilience, BCM, IRM, Compliance, and Risk Workspaces.

Access to Workspaces

Operational Resilience and BCM Workspace: Accessible by BCM Operational Resilience roles including users, managers, and administrators.
Operational Resilience Workspace: Accessible by IRM Operational Resilience roles.
Risk Workspace: Requires specific risk manager roles.
Compliance Workspace: Requires designated compliance analyst and manager roles.

Incident Reporting Roles

The Digital Resilience Incident Reporting module includes roles for administering, managing, and participating in resilience incident activities:

digitalresilienceincidentadmin – Administers incident activities.
digitalresilienceincidentmanager – Creates operational and digital resilience incident activities.
digitalresilienceincidentuser – Participates in incident activities.

Plugin Dependencies

BCM Professional: Requires Business Continuity Planning, Business Impact Analysis, Crisis Management, and Data Relationships Framework applications. Vulnerability Response is optional.
IRM Professional: Requires Advanced Risk Assessment, Data Relationships Framework, Policy and Compliance Management, and Risk Management applications. Vulnerability Response is optional.

This role structure ensures ServiceNow customers can assign precise permissions aligned with their organizational needs for operational resilience, BCM, and IRM, facilitating effective governance, risk, and compliance management.

Several types of roles are installed with the Operational Resilience application.

Roles that are installed with Operational Resilience

Note:

For more information on roles and FAQs, see KB0555605.

Table 1. Roles installed with Operational Resilience
Role name	Description
Operational Resilience administrator [sn_oper_res.admin]	The Operational Resilience administrator is responsible for: Configuring scenarios Setting up entity types, entity filters, and reporting pillars based on dashboard requests from the business teams. Customizing reports on the Operational Resilience dashboard. The Operational Resilience administrator should have the ITIL role to add the CMDB relationship between the service and the process. The Operational Resilience administrator role contains the following roles: sn_grc.admin sn_oper_res.manager Contains sn_grc_case_mgmt.grc_case_admin, who inherits the ability to set up the vulnerability type, state models, vulnerability assessment templates, and document templates.
Operational Resilience Manager [sn_oper_res.manager]	The Operational Resilience Manager is responsible for: Ensuring operational resilience in the organization using the dashboards and reports Reviewing reports on the Operational Resilience dashboard, as well as supporting data. The Operational Resilience Manager role contains the following roles: sn_grc.manager sn_compliance.reader sn_oper_res.user sn_risk.reader Contains sn_grc_case_mgmt.grc_case_manager, who inherits the ability to submit operational vulnerability (A type of case).
Operational Resilience User [sn_oper_res.user]	The Operational Resilience User is responsible for: Reviewing reports on the Operational Resilience dashboard, as well as supporting data. Completing impact tolerance and test plans for individuals assigned to the service impact analysis. The Operational Resilience User can access the Vulnerability Response data. The Operational Resilience User role contains the following roles: sn_incident.read sn_grc.reader task_editor Contains sn_grc_case_mgmt.grc_case_business_user, who can be assigned tasks or issues in the operational vulnerability.
sn_oper_res.operational_resilience_business_user	Submits "Report operational vulnerability" from the employee center from: instancename/esc?id=emp_taxonomy_topic&topic_id=14aedd93a314121051b1ab18951e6150&in_context=true
BCM and Operational Resilience Administrator [sn_oper_res.bcm_opres_admin]	The BCM and Operational Resilience Administrator role contains the following roles: sn_oper_res.bcm_opres_manager sn_oper_res.admin
BCM and Operational Resilience Manager [sn_oper_res.bcm_opres_manager]	The BCM and Operational Resilience Manager role contains the following roles: sn_oper_res.bcm_opres_user sn_oper_res.manager
BCM and Operational Resilience User [sn_oper_res.bcm_opres_user]	The BCM and Operational Resilience User role has the following permissions: Can read the BCM UIB Workspace. Cannot access the IRM reports or data. The BCM and Operational Resilience User role contains the following roles: sn_bcm.viewer sn_oper_res.user
IRM Operational Resilience User [sn_oper_res.irm_opres_user]	The Integrated Risk Management (IRM) Operational Resilience User role cannot access the BCM reports and data. It contains: sn_grc.reader sn_oper_res.user The following user roles are contained only when policy and compliance management and risk management are installed: sn_compliance.reader sn_risk.reader
IRM Operational Resilience Administrator [sn_oper_res.irm_opres_admin]	The IRM Operational Resilience Administrator role contains the following roles: sn_oper_res.irm_opres_manager sn_oper_res.admin
IRM Operational Resilience Manager [sn_oper_res.irm_opres_manager]	The IRM Operational Resilience Manager role contains the following roles: sn_oper_res.irm_opres_user sn_oper_res.manager

Table 2. Model types when Lite Apps are installed
Roles	Family	Comments
sn_oper_res.admin	IRM	None
sn_oper_res.manager	IRM	None
sn_oper_res.user	IRM	The sn_oper_res.user role is required to access Vulnerability profile records.
New roles introduced
sn_oper_res.bcm_opres_admin	BCM	The sn_bcm.viewer role is required to access the BCM Configurable Workspace. A user with the sn_oper_res.bcm_opres_user+ role can access both Operational Resilience Workspace and BCM Configurable Workspace.
sn_oper_res.bcm_opres_manager	BCM
sn_oper_res.bcm_opres_user	BCM
sn_oper_res.irm_opres_admin	IRM	A user with the sn_oper_res.irm_opres_user+ role can access the Operational Resilience Workspace, but cannot access the Compliance Workspace and Risk Workspace. Extra roles are needed to access the Compliance Workspace and Risk Workspace.
sn_oper_res.irm_opres_manager	IRM
sn_oper_res.irm_opres_user	IRM

Roles created for BCM Professional and IRM Professional

The following roles are created for the BCM Professional users:
Note:
When the app-grc-bcm-lite applications are not installed, the users with these roles are counted as operators.
- sn_oper_res.bcm_opres_admin
- sn_oper_res.bcm_opres_manager
- sn_oper_res.bcm_opres_user
The following roles are created for the IRM Professional users:
Note:
When the app-grc-bcm-lite applications are not installed, the users with these roles are counted as operators.
- sn_oper_res.irm_opres_admin
- sn_oper_res.irm_opres_manager
- sn_oper_res.irm_opres_user
When the following Lite applications are installed, the users with the sn_oper_res.bcm_opres_user, sn_oper_res.irm_opres_user, or sn_oper_res.user roles are counted as Lite operators.
- BCM Lite application: app-grc-bcm-lite (Plugin id: com.snc.app_grc_bcm_lite)
- IRM Lite application: app-grc-business-user-lite (Plugin id: com.sn_grc_lite)
The sn_oper_res.admin, sn_oper_res.manager, and sn_oper_res.user roles are included in IRM.

Roles required for accessing the Workspaces

A user with one of the following roles can access the Operational Resilience Workspace and BCM Configurable Workspace:

sn_oper_res.bcm_opres_user
sn_oper_res.bcm_opres_manager
sn_oper_res.bcm_opres_admin

A user with any following role can access the Operational Resilience Workspace:

sn_oper_res.irm_opres_user
sn_oper_res.irm_opres_manager
sn_oper_res.irm_opres_admin

A user with one of the following roles can access the Risk Workspace:

sn_risk_workspace.business_op_risk_manager
sn_risk_workspace.IT_risk_manager
sn_risk_workspace.operatonal_risk_manager

A user with one of the following roles can access the Compliance Workspace:

sn_compliance_ws.corporate_compliance_analyst
sn_compliance_ws.corporate_compliance_manager
sn_compliance_ws.it_compliance_manager

Roles used for reporting the incidents

The following roles are used for reporting incidents in the Digital resilience incident reporting module.

Table 3. Roles used for reporting the incidents
Role	Description
sn_dri_inc_rptg.digital_resilience_incident_admin	Role for setting up administrative and Digital resilience incident activities.
sn_dri_inc_rptg.digital_resilience_incident_manager	Role for creating Operational Resilience and Digital resilience incident activities.
sn_dri_inc_rptg.digital_resilience_incident_user	Role for participating in Operational Resilience and Digital resilience incident activities.

Plugin dependencies for BCM Professional

For BCM Professional, the following mandatory applications are installed with Operational Resilience.

Business Continuity Planning (com.snc.bcm.app_bcm_planning)
Business Impact Analysis (com.snc.bcm.app_bcm_bia)
Crisis Management (com.snc.bcm.app_bcm_exercise)
Data Relationships Framework (com.sn_app_grc_relationship_config)
Optional: Vulnerability Response (com.snc.vulnerability)

Plugin dependencies for IRM Professional

For IRM Professional, the following mandatory applications are installed with Operational Resilience.

Advanced Risk Assessment (com.sn_risk_advanced)
Data Relationships Framework (com.sn_app_grc_relationship_config)
Policy and Compliance Management (com.sn_compliance)
Risk Management (com.sn_risk)
Optional: Vulnerability Response (com.snc.vulnerability)