In the standard ServiceNow security model for ITSM, the ability to delete records is highly restricted to prevent data loss and maintain the audit trail. While the itil role allows users to create and update incidents, and the incident_manager role allows for the oversight of the incident process, neither has the out-of-the-box permission to delete Incident records. The itil_admin role is specifically designed to grant elevated permissions—including the deletion of incidents—without requiring the full system admin role. This ensures a "least privilege" approach while still allowing administrative cleanup of the Incident table.