Control user access to business services Assign user roles to service groups to control user access to business or IT services in your organization. Before you beginMake sure that you have performed the user provisioning tasks for Service Mapping or Event Management users: Add users to groups. Create new roles. Assign roles to users or user groups. Make sure that you have created service groups as described in Organize business services into groups.Role required: admin About this task Users inherit permissions from roles that are assigned to them. Service Mapping provides these preconfigured roles: sm_admin Sets up the Service Mapping application. Maps, fixes, and maintains business services. Also performs advanced configuration and customization of the product. Assign this role to application administrators. sm_user Views business service maps to plan change or migration, as well as analyze the continuity and availability of services. Assign this role to application users. sm_app_owner Provides information necessary for successful mapping of a business service. Once a service is mapped, this user reviews the results and either approves it or suggests changes. Assign the sm_app_owner role to users who own business services and are familiar with the infrastructure and applications that make up the services. Event Management provides these preconfigured roles: evt_mgmt_admin Has read and write access to all Event Management features to configure Event Management. evt_mgmt_operator In addition to the evt_mgmt_user permissions, can also activate operations on alerts such as acknowledge, close, open incident, and run remediations. evt_mgmt_user Has read access to all Event Management features. Has write access to alerts to manage the alert life. Has the itil role to be able to manage incidents that are created from alerts. evt_mgmt_integration Has create access to the Event [em_event] and Registered Nodes [em_registered_nodes] tables to integrate with external event sources. Typically, enterprises have hundreds of services which makes it impractical to manage them individually. How you organize business, manual or technical services, depends on the user and service provisioning policies of your enterprise.The relation between business services in groups is purely logical and the same business service can be part of more than one group. For more information about service groups, see Organize business services into groups. You can also have a hierarchy of service groups with some groups embedded within others. If users have access to a parent business service group, they automatically have access to all its child groups. By assigning a Service Mapping role to a service group, you allow all users with this role to access all services belonging to this group. Figure 1. Assigning a role to a service group In the base system, all services are assigned to the All service group that lets all users view and manage the services. When you assign a role to a service group, the users with this role can access only IT services in this service group. Users cannot access any IT services, which are not part of that service group. You can give access to services to existing or new users. You can also add users to groups to assign roles simultaneously to multiple users. You can assign some roles directly to business service groups. However, most enterprises choose to organize their roles as a hierarchy. It helps to manage roles across multiple ServiceNow applications. For example, the Service Mapping administrator [sm_admin] can be part of a broader administrator role like administrator [admin]. By assigning roles to user groups, you give permissions and rights of this role to all users belonging to the same group. Procedure If using Service Mapping, navigate to Service Mapping > Services > Service Group Responsibilities. If using Event Management, navigate to Event Management > Services > Service Group Responsibilities. Click New. In the Business Service Group field, enter the name of the group. In the Role field, enter the name of the role. For example, evt_mgmt_admin. Click Submit.