In addition to Audit Manager, which role should be assigned to enable other GRC functions related to audit?

Gaining access to audit-related actions in ServiceNow GRC is managed through a dedicated audit role. In addition to having Audit Manager, assigning the sn_audit.user role unlocks the ability to use other audit features and workflows, such as working with audit records and findings, and performing standard audit tasks. This role is specific to auditing functionality, keeping access focused and aligned with the principle of least privilege. The other roles don’t fit as neatly: sn_grc.reader is read-only, so it can’t perform audit actions; sn_grc.user covers general GRC capabilities but doesn’t guarantee access to the Audit module; sn_grc.manager provides broader governance rights but isn’t specifically needed to enable audit-related functions.