AI Control Tower roles

  • Release version: Zurich
  • Updated March 12, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of AI Control Tower roles

    The AI Control Tower roles define specific permissions and responsibilities for managing AI governance, assets, risk, and compliance within ServiceNow. These roles are installed alongside the AI Control Tower and AI Risk and Compliance applications and enable organizations to effectively govern AI initiatives, manage AI assets, and ensure compliance with policies and risk frameworks.

    Show full answer Show less

    Key Roles and Their Responsibilities

    • AI Steward: Assigned by the organization, this role manages AI Control Tower configurations, adoption of AI governance practices, AI asset lifecycle, approval playbooks, third-party LLMs/SLMs, multi-instance management, and AI discovery and gateway settings. The AI Steward plays a central role in cross-functional collaboration and policy enforcement.
    • AI Control Tower Workspace User: Manages and owns AI assets, with access to the AI Control Tower homepage and portfolio tab.
    • AI Asset Owner: Ensures AI assets are accurately represented and updated. Manages AI systems, models, datasets, and prompts through their lifecycle, including creation and deployment tasks.

    AI Risk and Compliance Roles

    • AI Risk and Compliance Admin: Sets up risk and impact assessment frameworks, configures methodologies and automation rules, manages AI case types, deletes AI systems, and configures entity-based access settings (requires GRC Entity Based Access application).
    • AI Risk and Compliance Manager: Accesses all AI systems, initiates and manages impact and risk assessments, control attestations, and updates bulk access configurations (requires GRC Entity Based Access application).
    • AI Risk and Compliance Analyst: Works on assigned AI systems to initiate assessments, manage lifecycle tasks, and perform control attestations within their assigned scope.
    • AI Risk and Compliance Business User: Creates AI cases, works on assigned tasks, and performs control attestations.
    • AI Risk and Compliance Reader: Has read-only access to AI systems and impact assessments.
    • AI System Reader: Read-only access to AI systems across AI Control Tower and AI Risk and Compliance workspaces.

    AI Case Management Roles

    • AI Case Business User: Can create AI cases and inquiries via Employee Center.
    • AI Case Analyst: Reviews assigned AI cases and inquiries, manages impacted areas related to policies, regulations, and compliance risks.
    • AI Case Manager: Reviews all AI cases and related information across the system.
    • AI Case Admin: Manages AI case type profiles, assignment rules, and deletion of AI cases.

    Practical Benefits for ServiceNow Customers

    Understanding and assigning these roles allows customers to:

    • Ensure appropriate governance and stewardship of AI assets and policies.
    • Effectively manage AI risk and compliance activities throughout the AI lifecycle.
    • Control access and operational tasks related to AI systems, cases, and assessments based on user responsibilities.
    • Leverage automation and structured workflows for AI governance and risk management, improving organizational transparency and accountability.

    Certain roles are installed along with the installation of the AI Control Tower.This section also covers roles which are installed with AI Risk and Compliance.

    Table 1. Roles and their descriptions
    Role title [name] Description Contains roles
    AI steward

    [sn_ai_governance_ai_steward]
    Note:
    The organization decides on assigning the AI steward role. By adding the users to the AI stewards group, allows user to have additional permissions related to playbook.

    The AI steward is responsible for:

    • Configuring AI Control Tower
    • Adoption of AI governance practices
    • Adoption of managing AI Control Tower and linking the AI asset Inventory
    • Execution of AI Control Tower initiatives
    • Understand the AI assets and AI Control Tower policies
    • Creating AI assets
    • Completing the AI asset lifecycle
    • Collaboration of cross-functional teams within the organization to confirm that the organization policies are adhered
    • Creating AI Control Tower Approval Playbook for Now Assist approvals.
    • Configure third-party LLMs and SLMs
    • Configure Multi-instance management
    • Add and edit a value template
    • Learning to use the access map
    • Approve or reject an approval request

    For AI discovery:

    • Activate or deactivate hyperscaler connections
    • Select the hyperscaler connections to discover agents and usage on-demand

    For AI Gateway:

    • Add an MCP server via AI Agent Studio
    • Set up MCP client connections
    • sn_nowassist_admin.user
    • sn_ai_governance.workspace_admin
    • sn_aia.admin
    • aig_admin
    • sn_mcp_client.admin
    • sn_align_core.apw_user- Can create, update, and delete portfolio plans, free-form road maps, and planning items
    • it_demand_manager- User who manages the inflow, screening and facilitates the prioritization of IT demands
    • it_project_manager- User of the project management application, and manager of IT projects
    • sn_apw_advanced.pf_user- Can create, view, update, and delete the Product Feedback records
    AI Control Tower Workspace user [sn_ai_governance_workspace_user]

    The AI Control Tower Workspace user is responsible for:

    • Own and manage the AI assets
    • Access the AI Control Tower home page
    • Exclusive access to the AI portfolio tab
    		 None
    AI asset owner [sn_ai_asset_mgmt.ai_asset_owner]

    The AI asset owner is responsible for:

    • Confirm that AI assets are represented accurately and kept up to date
    • Manage AI assets like AI systems, AI models, datasets, and prompts through their asset lifecycle from intake to retirement
    • Access My overview, Value, and Adoption tabs
    • Creating an AI asset from the AI Control Tower home page using Create AI Asset icon
    • Marking the deploy phase of the AI asset lifecycle task complete. If the AI asset gets deployed, then the state of the task doesn’t change anything automatically in the asset table or the asset governance details record
    		 None

    AI AI Risk and Compliance roles

    The AI Risk and Compliance application installs the essential role to perform respective day-to-day operational tasks for managing AI systems across the enterprise.

    Table 2. Roles and their descriptions
    Role title [name] Description Contains roles

    AI Risk and Compliance Admin

    [sn_grc_ai_gov.ai_risk_and_compliance_admin]

    		 ​The AI Risk and Compliance Admin can perform the following tasks:
    • Set up risk and impact assessment frameworks. Configure risk assessment methodologies, risk contribution factors, and impact assessment templates
    • Define automation rules for impact assessments to determine applicable risks and controls based on the assessment responses
    • Set up and profile AI case types
    • Delete AI systems.
    • Enable or disable Entity-Based Access for record types associated with entity properties, and configure the Entity-Based Access settings as needed.
      Note:
      GRC: Entity Based Access application must be installed to use this feature
    • sn_smart_asmt.template_manager
    • sn_grc_ai_gov.ai_risk_and_compliance_manager
    • sn_smart_asmt.assessment_admin
    • sn_grc_workspace.state_model_admin
    • sn_smart_asmt.template_contributor
    • sn_ai_case_mgmt.ai_case_admin
    • sn_reg_body_mgmt.writer
    • sn_risk_advanced.ara_admin
    • sn_rec_pg_vertical.admin
    • sn_grc_ent_access.admin
      Note:
      GRC: Entity Based Access application must be installed for this role to be available.

    AI Risk and Compliance Manager

    [sn_grc_ai_gov.ai_risk_and_compliance_manager]

    		 ​The AI Risk and Compliance Manager can access all AI systems on the system and perform the following tasks:​
    • Initiate impact assessments
    • Manage the life cycle of an AI system
    • Initiate risk assessments
    • Initiate control attestations
    • Write and update access to the bulk access update configuration.
      Note:
      GRC: Entity Based Access application must be installed to use this feature.
    • sn_grc_ai_gov.ai_risk_and_compliance_analyst
    • sn_smart_asmt.template_contributor
    • sn_smart_asmt.template_manager
    • sn_risk_advanced.risk_asmt_project_manager
    • sn_ai_case_mgmt.ai_case_manager
    • sn_grc_ent_access.bulk_access_config_admin
      Note:
      GRC: Entity Based Access application must be installed for this role to be available.

    AI Risk and Compliance Analyst

    [sn_grc_ai_gov.ai_risk_and_compliance_analyst]

    		 The AI Risk and Compliance Analyst can access all AI systems assigned to them in the system and perform the following tasks only on the assigned records:
    • Initiate impact assessments
    • Manage the life cycle of an AI system
    • Initiate risk assessments
    • Initiate control attestations
    • sn_ai_case_mgmt.ai_case_analyst
    • sn_smart_asmt.assessment_reader
    • sn_smart_asmt.template_reader
    • sn_grc_ai_gov.ai_risk_and_compliance_business_user
    • sn_grc_ai_gov.ai_risk_and_compliance_reader
    • sn_grc_workspace.user
    • sn_grc_workspace.state_model_reader
    • sn_risk_advanced.ara_creator
    • sn_risk_advanced.ara_assessor
    • sn_risk_advanced.ara_approver
    • sn_risk_advanced.risk_asmt_project_user

    AI Risk and Compliance Business User

    [sn_grc_ai_gov.ai_risk_and_compliance_business_user]

    		 The ​AI Risk and Compliance User can perform the following tasks:
    • Create AI case on the Employee Center
    • Work on the assigned tasks
    • Perform control attestations
    • sn_grc_workspace.assessment_template_configuration_reader
    • sn_smart_asmt.actor
    • sn_grc_workspace.user
    • sn_smart_asmt.assessment_reader
    • sn_risk_advanced.risk_asmt_project_reader
    Note:
    For more information on AI Control Tower roles, see AI Control Tower roles.

    AI Risk and Compliance Reader

    [sn_grc_ai_gov.ai_risk_and_compliance_reader]

    		 ​The AI Risk and Compliance Reader can have read access to the AI systems and AI impact assessments.
    • sn_grc_workspace.user
    • sn_grc_workspace.state_model_reader

    AI System Reader

    [sn_grc_ai_gov.ai_risk_and_compliance_ai_system_reader]

    		 ​The AI System Reader can have read access to the AI systems on AI Control Tower workspace and AI Risk and Compliance workspace.​ NA​

    AI Case Business User

    [sn_ai_case_mgmt.ai_case_business_user]

    		 The AI Case Business User can create ​AI case and AI inquiry on the Employee Center. sn_grc_case_mgmt.grc_case_business_user​

    AI Case Analyst

    [sn_ai_case_mgmt.ai_case_analyst]

    		 The AI Case Analyst can review the AI cases and AI inquiries assigned to them in the system and perform the following tasks only on the assigned records:
    • Identify and manage impacted and related areas such as policies, regulations, and enterprise-wide compliance risks
    • Identify and manage issues related to impacted areas to eliminate the root causes
    • sn_grc_case_mgmt.grc_case_analyst
    • sn_ai_case_mgmt.ai_case_business_user

    AI Case Manager

    [sn_ai_case_mgmt.ai_case_manager]

    		 The AI Case Manager can review all the AI cases, AI inquiries, and its associated information.
    • sn_ai_case_mgmt.ai_case_analyst
    • sn_grc_case_mgmt.grc_case_manager

    AI Case Admin

    [sn_ai_case_mgmt.ai_case_admin]

    		 The AI Case Admin can manage type profiles to segregate AI cases. They can set up assignment rules and delete AI cases.
    • sn_grc_case_mgmt.grc_case_admin
    • sn_ai_case_mgmt.ai_case_manager