How can access to application menus/modules in ServiceNow be controlled?

In ServiceNow, access to application menus/modules is primarily controlled by roles. Roles act as a mechanism to define what actions users can perform and what data they can see within the platform. Each role can have specific permissions granted to it, allowing users assigned that role to access particular resources, which includes application menus and modules.

By assigning roles to users or groups of users, an administrator can effectively manage who is able to navigate through the various applications and modules within ServiceNow. For example, a role designed for IT personnel might have access to Incident Management modules, whereas a different role meant for non-technical staff may only allow access to knowledge articles or service requests.

While permissions are indeed associated with roles, they do not directly control access by themselves without the roles framework. Settings generally refer to application-wide configurations that do not directly manage user access, and groups serve to organize users but do not inherently grant access without the appropriate roles assigned to those groups. Thus, roles serve as the crucial element in controlling access to various application menus and modules within ServiceNow, making this choice the most appropriate answer.