Use the following high-level process for managing IT GRC Process Management Pack user roles:

  1. Create groups of objects for an existing program as described in How to Create a Group in Service Manager, using the information from the following table.

    | Group name | Dynamic member class | Dynamic member criteria |
    |---|---|---|
    | <program name> scope group | Program | <policy item> title equals <Program title> |
    | Shared control objectives | Control objective | <compliance policy item> shared equals Yes |
    | Shared control activities | Control activity | <compliance policy item> shared equals Yes |
    | Shared risks | Risk | <compliance policy item> shared equals Yes |

    For more information about groups, queues, and lists in Service Manager, see Using Groups, Queues, and Lists in Service Manager.

  2. Specify the groups of objects that can be managed by user roles by using one of the following methods:

    • Select the four groups that were created in Step 1 and all groups that begin with ApplicabilityInstanceGroup when you create the user role. The groups are selected on the Groups page in the User Role Wizard in the Service Manager Console as described in How to Create a User Role.

      Note
      Depending on the number of objects selected in the groups, this process can affect the performance of Service Manager. Instead, consider using the AddTypeToRoleScope.ps1 Windows PowerShell script as described in the “How to Configure the Scope for an IT GRC Process Management Pack User Role” section in this guide.
    • Configure the groups after the user role is created by editing the user role. You can update the groups that are selected for the user role in the Groups section on the properties form of the user role.

      Note
      Depending on the number of objects selected in the groups, this process can affect the performance of Service Manager. Instead, consider using the AddTypeToRoleScope.ps1 Windows PowerShell script as described in the “How to Configure the Scope for an IT GRC Process Management Pack User Role” section in this guide.
    • Configure the groups after the user role is created by running the AddTypeToRoleScope.ps1 Windows PowerShell script. The advantage of this method is described in the “How to Configure the Scope for an IT GRC Process Management Pack User Role” section in this guide.