Roles installed with Security Incident Response

Security Incident Response adds the following roles.
Table 1. Roles for Security Incident Response

Each entry gives the role title [name], its description, and the roles it contains.

security admin [sn_si.admin]
Description: Full control over all Security Incident Response data. Also administers territories and skills, as needed.
Note: In the base system, the administrator also has access to sn_si.admin. Security Incident Response can be restricted from the administrator as long as at least one other user is assigned the security admin role.
Contains roles:
  • catalog_admin
  • skill_admin
  • skill_model_admin
  • sn_si.analyst
  • sn_si.manager
  • sn_si.knowledge_admin
  • template_admin
  • template_editor_global
  • territory_admin
  • treemap_admin
  • user_admin

security analyst [sn_si.analyst]
Description: Tier 1 and 2 security analysts work on security incidents. They can create and update security incidents, requests, and tasks, as well as problems, changes, and outages related to their incidents.
Contains roles:
  • sn_si.basic
  • sn_vul.vulnerability_read (if the Vulnerability Response plugin is activated)

security basic [sn_si.basic]
Description: Underlying role for basic Security access. Users with this role can create and update security incidents, requests, and tasks, as well as problems, changes, and outages related to their incidents.
Contains roles:
  • document_management_user
  • grc_user (if the GRC:Risk plugin is activated)
  • inventory_user
  • pa_viewer
  • service_fulfiller
  • skill_user
  • sn_si.read
  • task_activity_writer
  • task_editor
  • treemap_user

ciso [sn_si.ciso]
Description: View and manipulate the CISO dashboard. Also, if the Vulnerability Response plugin is activated, users with this role can add vulnerability significance definition treemaps to the dashboard.
Contains roles:
  • pa_viewer
  • sn_si.read

external [sn_si.external]
Description: External users can view tasks assigned to them.
Contains roles:
  • service_fulfiller

integration user [sn_si.integration_user]
Description: External tools can provide new security incident records and update security incident records.
Contains roles:
  • import_transformer

knowledge admin [sn_si.knowledge_admin]
Description: Manage, update, and delete the information in the Security Incident knowledge base.
Contains roles:
  • knowledge_admin

manager [sn_si.manager]
Description: Same access as security analysts, with the additional ability to adjust the members of assignment groups.
Contains roles:
  • sn_si.basic

read [sn_si.read]
Description: Read security incidents.
Contains roles:
  • grc_compliance_reader (if the GRC:Risk plugin is activated)

special access [sn_si.special_access]
Description: Users without a security role can interact with a security incident. The special access role is used with the Read access and the Privileged access lists.

To interact with a security incident, you must be in the special access role and assigned to one of the special access lists (read or privileged).

Users with special access roles have their own module containing all security incidents assigned to them. No other modules are available to them. No one else can see the Visible to Me module.
