Use the following high-level process for managing IT GRC Process Management Pack user roles:
-
Create groups of objects for an existing program as described in How to Create a Group in Service Manager usingthe information from the following table.
Group name
Dynamic member class
Dynamic member criteria
<program name> scope group
Program
<policy item> title equals <Program title>
Shared control objectives
Control objective
<compliance policy item> shared equals Yes
Shared control activities
Control activity
<compliance policy item> shared equals Yes
Shared risks
Risk
<compliance policy item> shared equals Yes
For more information about groups, queues, and lists in Service Manager, see Using Groups, Queues, and Lists in Service Manager.
-
Specify the groups of objects that can be managed by user roles by using one of the following methods:
- Select the four groups that were created
in Step 1 and all groups that begin with ApplicabilityInstanceGroup
when you create the user role. The groups are selected on the
Groups page in the User Role Wizard in the Service Manager
Console as described in How to Create a User Role.
Note Depending on the number of objects selected in the groups, this process can affect the performance of Service Manager. Instead, consider using the AddTypeToRoleScope.ps1 Windows PowerShell script as described in the “How to Configure the Scope for an IT GRC Process Management Pack User Role” section in this guide. - Configuring the groups after the user role
is created by editing the user role. You can update the groups
that are selected for the user role in the Groups section on
the properties form of the user role.
Note Depending on the number of objects selected in the groups, this process can affect the performance of Service Manager. Instead, consider using the AddTypeToRoleScope.ps1 Windows PowerShell script as described in the “How to Configure the Scope for an IT GRC Process Management Pack User Role” section in this guide. - Configuring the groups after the user role
is created by running the AddTypeToRoleScope.ps1 Windows PowerShell
script. The advantage to this method is described in the “How
to Configure the Scope for an IT GRC Process Management Pack User
Role” section in this guide.
- Select the four groups that were created
in Step 1 and all groups that begin with ApplicabilityInstanceGroup
when you create the user role. The groups are selected on the
Groups page in the User Role Wizard in the Service Manager
Console as described in How to Create a User Role.