Product documentation Docs
    • English
    • Deutsch
    • 日本語
    • 한국어
    • Français
  • More Sites
    • Now Community
    • Developer Site
    • Knowledge Base
    • Product Information
    • ServiceNow.com
    • Training
    • Customer Success Center
    • ServiceNow Support Videos
  • Log in

Product documentation

  • Home
How search works:
  • Punctuation and capital letters are ignored
  • Special characters like underscores (_) are removed
  • Known synonyms are applied
  • The most relevant topics (based on weighting and matching to search terms) are listed first in search results
Topics are ranked in search results by how closely they match your search terms
  • A match on the entire phrase you typed
  • A match on part of the phrase you typed
  • A match on ALL of the terms in the phrase you typed
  • A match on ANY of the terms in the phrase you typed

Note: Matches in titles are always highly ranked.

  • Release version
    Table of Contents
    • Security Operations
Table of Contents
Choose your release version
    Home Orlando Security Incident Management Security Operations Vulnerability Response Supported applications and setup for Vulnerability Response Additional Vulnerability Response setup tasks Manage persona and granular roles for Vulnerability Response

    Manage persona and granular roles for Vulnerability Response

    • Save as PDF Selected topic Topic & subtopics All topics in contents
    • Unsubscribe Log in to subscribe to topics and get notified when content changes.
    • Share this page

    Manage persona and granular roles for Vulnerability Response

    After you complete your initial assignment of persona roles using Setup Assistant, manage additional granular role assignments to users or groups from the User Administration module in your instance.

    Before you begin

    If you have not already completed your initial set up and configuration for Vulnerability Response using Setup Assistant, or assigned persona roles to users and groups, navigate to Vulnerability Response > Administration > Setup Assistant. See Assign the Vulnerability Response persona roles using Setup Assistant.

    For key terms and an overview of persona roles, see Vulnerability Response personas and granular roles.

    A persona role is pre-configured role in the application that is made up of multiple granular roles. The persona roles in Setup Assistant, Vulnerability Admin, Vulnerability Analyst, Remediation Owner, Configuration Item Manager, and Exception Manager, are designed to correspond to common job titles for managers, analysts, and service owners in an IT organization or vulnerability remediation group.

    If you want your users and groups to have more access than one of the roles permits, you can add more granular roles to users and groups. Conversely, if you want to limit access for specific users and groups at the task level, you can remove granular roles. Also, you can build custom roles to suit your needs.

    Role required: admin

    Procedure

    1. To manage granular roles for users and groups, choose one to continue.
      OptionDescription
      Edit the granular roles for a user or group Assign or remove granular roles for users or groups, or edit granular roles so that only select users within a group have expanded or limited permissions.

      An example follows the table.

      Create a new role Create a new role using one or more granular roles from the library for a specific job title, or to fulfill a specific requirement.

      An example follows the table.

      The names for the granular roles in Vulnerability Response usually describe what users can do and see. To view descriptions of specific granular roles, navigate to User Administration > Roles and locate the role that you want. Role description, roles that are automatically inherited when a role is assigned, and any roles that depend on other roles are also listed.

    2. To assign or remove a granular role for a user or a group, follow these steps.
      As an example, assume you want to assign an IT manager with a role that permits this manager to view records but not update or edit them. To view records in Vulnerability Response, Performance Analytics for Vulnerability Response, and for all third party integrations, you assign this user with the sn_vul.read_all granular role.
      1. Navigate to User Administration > Users.
      2. Locate the user, and, in the Name column, click the record to open it.
        The user's record is displayed.
      3. If not selected, select the Roles tab.
        The roles currently assigned to the user are displayed.
      4. Click Edit.
        The Edit members form is displayed.
      5. In the Collection field of the slushbucket, enter the name of the role if you know it, or, enter *sn_vul to view only the granular roles available for Vulnerability Response.
      6. Locate and move sn_vul.read_all to the Roles List.
        Note: Use the same process to remove specific granular roles from users in the slushbucket by moving the role from the Roles list to the Collection list.
      7. Click Save.
        The user record is displayed with the new granular role.
      8. Click Update to save your changes and return to the Users list.
        You have provided a user with permission to read but not update records in Vulnerability Response, Performance Analytics for Vulnerability Response, and for third party integrations.
    3. To edit a group so that only specific members have expanded access with more granular roles, follow these steps.
      As example, assume you want to permit certain users in the Remediation Owner (sn_vul.remediation_owner) group to create vulnerable items manually, but you don't want to expand that permission to all users in the group. The permission to create vulnerable items manually is granted by the sn_vul.create_vulnerable_items granular role. To grant this permission to only select users from this group, follow these steps.
      1. Navigate to User Administration > Groups.
      2. Locate the Remediation Owner group, and, in the Name column, click the group to open the record.
        The group record is displayed.
      3. If not selected, select the Group Members tab.
        The current members of the group are displayed.
      4. Click a name from the list you want to assign the granular role to and open the record.
      5. On the record, scroll to the Roles tab and select it.
        The roles assigned to the user are displayed.
      6. Click Edit.
        The Edit members form is displayed.
      7. In the Collection field, enter the name of the role if you know it, or, enter *sn_vul to view all the granular roles available for Vulnerability Response.
      8. Locate and move sn_vul.create_vulnerable_items to the Roles List.
        New granular role
      9. Click Save.
        The user record is displayed with the new granular role.
      10. Click the back arrow to return to view the users in the record for the Remediation Owner group
      11. Click names from the list you want to assign this granular role to, open their records, and use the slushbucket to assign the role.
      12. After you complete your edits, Click Update to save your changes and return to the groups list.
        You have provided some users in the Remediation Owner (sn_vul.remediation_owner) group permission to create vulnerable items manually.
    4. To create a new role using only granular roles you select, follow these steps.
      For this example, assume you want to create role for a compliance auditor. This role works closely with Governance, Risk, and Compliance (GRC), and the job requires the following permissions and tasks within Vulnerability Response:
      • Manages remediation deadlines for vulnerable items and vulnerability groups
      • Approves exception requests for extending deadlines or deferring remediation
      • Manages the clean up of older vulnerable items with auto-delete
      • Define risk scores
      • Reads all records in Vulnerability Response but is not permitted to edit them.
      1. Navigate to User Administration > Roles.
      2. In the Roles list, click New.
      3. In the Role record, fill out the fields. Create a name, select the application that contains this record, and enter a short description for your new role. For more information about the other fields on the form, see Create a role.
        Note: When creating a name for your new role, you may prefer to use a name that is easily recognized in the roles list and describes the functionality of the role. For this example, you may prefer a title such as, Compliance Auditor - GRC-VR.
      4. Click Submit.
        The Roles list is displayed.
      5. Locate your new role and click it to open the record.
      6. Click Edit.
        The Edit Members form is displayed.
      7. Use the slushbucket to add granular roles to your new role. For this example, the required roles for this new role are displayed in the right column in the following figure.
        To display only the granular roles for Vulnerability Response, in the Collection field, enter *sn_vul.
        Granular roles for a new role
      8. Click Save.
        The record for your new role is displayed. Starting with the Contains Roles tab, continue editing the role as required.
      9. Click Update to save your changes.
        Your new role is displayed on the Roles list.

    Tags:

    Feedback
    On this page

    Previous topic

    Next topic

    • Contact Us
    • Careers
    • Terms of Use
    • Privacy Statement
    • Sitemap
    • © ServiceNow. All rights reserved.

    Release version
    Choose your release version

      Manage persona and granular roles for Vulnerability Response

      • Save as PDF Selected topic Topic & subtopics All topics in contents
      • Unsubscribe Log in to subscribe to topics and get notified when content changes.
      • Share this page

      Manage persona and granular roles for Vulnerability Response

      After you complete your initial assignment of persona roles using Setup Assistant, manage additional granular role assignments to users or groups from the User Administration module in your instance.

      Before you begin

      If you have not already completed your initial set up and configuration for Vulnerability Response using Setup Assistant, or assigned persona roles to users and groups, navigate to Vulnerability Response > Administration > Setup Assistant. See Assign the Vulnerability Response persona roles using Setup Assistant.

      For key terms and an overview of persona roles, see Vulnerability Response personas and granular roles.

      A persona role is pre-configured role in the application that is made up of multiple granular roles. The persona roles in Setup Assistant, Vulnerability Admin, Vulnerability Analyst, Remediation Owner, Configuration Item Manager, and Exception Manager, are designed to correspond to common job titles for managers, analysts, and service owners in an IT organization or vulnerability remediation group.

      If you want your users and groups to have more access than one of the roles permits, you can add more granular roles to users and groups. Conversely, if you want to limit access for specific users and groups at the task level, you can remove granular roles. Also, you can build custom roles to suit your needs.

      Role required: admin

      Procedure

      1. To manage granular roles for users and groups, choose one to continue.
        OptionDescription
        Edit the granular roles for a user or group Assign or remove granular roles for users or groups, or edit granular roles so that only select users within a group have expanded or limited permissions.

        An example follows the table.

        Create a new role Create a new role using one or more granular roles from the library for a specific job title, or to fulfill a specific requirement.

        An example follows the table.

        The names for the granular roles in Vulnerability Response usually describe what users can do and see. To view descriptions of specific granular roles, navigate to User Administration > Roles and locate the role that you want. Role description, roles that are automatically inherited when a role is assigned, and any roles that depend on other roles are also listed.

      2. To assign or remove a granular role for a user or a group, follow these steps.
        As an example, assume you want to assign an IT manager with a role that permits this manager to view records but not update or edit them. To view records in Vulnerability Response, Performance Analytics for Vulnerability Response, and for all third party integrations, you assign this user with the sn_vul.read_all granular role.
        1. Navigate to User Administration > Users.
        2. Locate the user, and, in the Name column, click the record to open it.
          The user's record is displayed.
        3. If not selected, select the Roles tab.
          The roles currently assigned to the user are displayed.
        4. Click Edit.
          The Edit members form is displayed.
        5. In the Collection field of the slushbucket, enter the name of the role if you know it, or, enter *sn_vul to view only the granular roles available for Vulnerability Response.
        6. Locate and move sn_vul.read_all to the Roles List.
          Note: Use the same process to remove specific granular roles from users in the slushbucket by moving the role from the Roles list to the Collection list.
        7. Click Save.
          The user record is displayed with the new granular role.
        8. Click Update to save your changes and return to the Users list.
          You have provided a user with permission to read but not update records in Vulnerability Response, Performance Analytics for Vulnerability Response, and for third party integrations.
      3. To edit a group so that only specific members have expanded access with more granular roles, follow these steps.
        As example, assume you want to permit certain users in the Remediation Owner (sn_vul.remediation_owner) group to create vulnerable items manually, but you don't want to expand that permission to all users in the group. The permission to create vulnerable items manually is granted by the sn_vul.create_vulnerable_items granular role. To grant this permission to only select users from this group, follow these steps.
        1. Navigate to User Administration > Groups.
        2. Locate the Remediation Owner group, and, in the Name column, click the group to open the record.
          The group record is displayed.
        3. If not selected, select the Group Members tab.
          The current members of the group are displayed.
        4. Click a name from the list you want to assign the granular role to and open the record.
        5. On the record, scroll to the Roles tab and select it.
          The roles assigned to the user are displayed.
        6. Click Edit.
          The Edit members form is displayed.
        7. In the Collection field, enter the name of the role if you know it, or, enter *sn_vul to view all the granular roles available for Vulnerability Response.
        8. Locate and move sn_vul.create_vulnerable_items to the Roles List.
          New granular role
        9. Click Save.
          The user record is displayed with the new granular role.
        10. Click the back arrow to return to view the users in the record for the Remediation Owner group
        11. Click names from the list you want to assign this granular role to, open their records, and use the slushbucket to assign the role.
        12. After you complete your edits, Click Update to save your changes and return to the groups list.
          You have provided some users in the Remediation Owner (sn_vul.remediation_owner) group permission to create vulnerable items manually.
      4. To create a new role using only granular roles you select, follow these steps.
        For this example, assume you want to create role for a compliance auditor. This role works closely with Governance, Risk, and Compliance (GRC), and the job requires the following permissions and tasks within Vulnerability Response:
        • Manages remediation deadlines for vulnerable items and vulnerability groups
        • Approves exception requests for extending deadlines or deferring remediation
        • Manages the clean up of older vulnerable items with auto-delete
        • Define risk scores
        • Reads all records in Vulnerability Response but is not permitted to edit them.
        1. Navigate to User Administration > Roles.
        2. In the Roles list, click New.
        3. In the Role record, fill out the fields. Create a name, select the application that contains this record, and enter a short description for your new role. For more information about the other fields on the form, see Create a role.
          Note: When creating a name for your new role, you may prefer to use a name that is easily recognized in the roles list and describes the functionality of the role. For this example, you may prefer a title such as, Compliance Auditor - GRC-VR.
        4. Click Submit.
          The Roles list is displayed.
        5. Locate your new role and click it to open the record.
        6. Click Edit.
          The Edit Members form is displayed.
        7. Use the slushbucket to add granular roles to your new role. For this example, the required roles for this new role are displayed in the right column in the following figure.
          To display only the granular roles for Vulnerability Response, in the Collection field, enter *sn_vul.
          Granular roles for a new role
        8. Click Save.
          The record for your new role is displayed. Starting with the Contains Roles tab, continue editing the role as required.
        9. Click Update to save your changes.
          Your new role is displayed on the Roles list.

      Tags:

      Feedback

          Share this page

          Got it! Feel free to add a comment
          To share your product suggestions, visit the Idea Portal.
          Please let us know how to improve this content

          Check any that apply

          To share your product suggestions, visit the Idea Portal.
          Confirm

          We were unable to find "Coaching" in Jakarta. Would you like to search instead?

          No Yes
          • Contact Us
          • Careers
          • Terms of Use
          • Privacy Statement
          • Sitemap
          • © ServiceNow. All rights reserved.

          Subscribe Subscribed Unsubscribe Last updated: Tags: January February March April May June July August September October November December No Results Found Versions Search preferences successfully updated My release version successfully updated My release version successfully deleted An error has occurred. Please try again later. You have been unsubscribed from all topics. You are now subscribed to and will receive notifications if any changes are made to this page. You have been unsubscribed from this content Thank you for your feedback. Form temporarily unavailable. Please try again or contact  docfeedback@servicenow.com  to submit your comments. The topic you requested does not exist in the release. You were redirected to a related topic instead. The available release versions for this topic are listed There is no specific version for this documentation. Explore products Click to go to the page. Release notes and upgrades Click to open the dropdown menu. Delete Remove No selected version Reset This field is required You are already subscribed to this topic Attach screenshot The file you uploaded exceeds the allowed file size of 20MB. Please try again with a smaller file. Please complete the reCAPTCHA step to attach a screenshot
          Log in to personalize your search results and subscribe to topics
          No, thanks Login