In System Center Service Manager, the security rights that allow users to access or update information are defined in a user role profile. A user role profile is a named collection of access rights and usually corresponds to employees’ business responsibilities. Each user role profile controls access to entities stored in and managed through System Center Service Manager, including programs, control objectives, control activities, and risks.

The IT GRC Process Management Pack includes user role profiles that build on and extend the existing System Center Service Manager user profiles. These IT GRC Process Management Pack user role profiles are specific to the IT GRC Process Management Pack.

Users who perform specific user roles are assigned to a user role profile. Some of the user roles for the IT GRC Process Management Pack are members of the user role profiles that are specific to the IT GRC Process Management Pack. Other user roles for the IT GRC Process Management Pack are members of the System Center Service Manager user role profiles.

The following table lists the IT GRC Process Management Pack user roles, the user role profile to which the user role is assigned, and a brief description of the user role.

User role

User role profile

Description

Administrator

Administrators

Responsible for installation of the IT GRC Process Management Pack, IT Compliance Management Libraries and the ongoing management of system wide configuration settings.

Compliance Program Manager

Compliance Program Manager

Responsible for the management of IT GRC programs within their organization and helps ensure that the organization is in compliance with authority document citations.

Compliance Program Implementer

Compliance Program Implementer

Responsible for the management of control objectives, control activities, and risks. Also responsible for managing the day-to-day tasks, such as performing control activity compliance tests or updating risk information.

Compliance Program Read Only Users

Read-Only Operators

Responsible for viewing IT GRC entities, such as programs, control objectives, control activities, and risks. Also responsible for creating compliance incidents.

Library Author

Authors

Responsible for customizing the IT GRC Process Management Pack or the IT Compliance Management Libraries. Also responsible for creating new management packs that work with the IT GRC Process Management Pack. These users are also typically members of the Administrator user role profile in their authoring environment.

For more information about user roles in System Center Service Manager, see About User Roles.