Recently Viewed Topics
Note: System target group view permissions have been migrated to access groups. For scan permissions, use target groups.
With Access Groups, you can control which assets and related vulnerabilities can be viewed by specific users or groups in your organization. Access groups filter the information on workbenches (classic interface) and dashboards (new interface) to only show assets they have access to, and vulnerabilities related to those assets.
An access group contains assets that match the Asset Rules that you set, such as an AWS Account ID, FQDN, IP address, and other identifying attributes. Tenable.io uses this identifying information to match the asset rules to existing assets and to new assets as they are identified. You can then assign users or user groups to the access group, which enables them to view assets in the group.
Note: When you create or edit an access group, Tenable.io may take some time to assign assets to the access group, depending on the system load, the number of matching assets, and the number of vulnerabilities.
Only administrators can view, create, and edit access groups. As a basic or standard user, you can see the access groups you are assigned to and their asset rules, but not the other users that are in the access group.
By default, all users have access to the All Assets group, which contains all assets. Therefore, if you want to limit user viewing permissions for assets, you must first restrict users for All Assets.
Note: Tenable.io applies dynamic tags to any assets, regardless of access group scoping. As a result, it may apply tags you create to assets outside of access groups to which you belong.
You can have up to 5,000 access groups.
Note: Access groups do not support networks.
For information on using access groups, see: