TOC & Recently Viewed

Recently Viewed Topics

User Role Permissions

User roles allow you to manage permissions for user accounts in Tenable.io, controlling which Tenable.io resources users can access once logged in.

The following table describes permissions by user role for major Tenable.io functions.

Each user role encompasses the permissions of lower roles and adds new permissions. Administrators have the most permissions, and basic users have the least.

Area     User Roles and Permissions

Administrator

Scan Manager Standard Scan Operator Basic
API Keys view, modify view, modify view, modify view, modify view, modify
About view1Can view license information that is not available to other roles. view view view view
Account Settings view, modify view, modify view, modify view, modify view, modify
Access Groups view, create, modify, delete view2Can view access groups they belong to and asset rules for those access groups. Cannot view other users who are members of those access groups. view2 view2 view2
Agents view, delete view, delete - - -
Agent Blackout Windows view, create, modify, delete view, create, modify, delete - - -
Agent Groups view, create, modify, delete view, create, modify, delete - - -
Agent Settings view, modify view, modify - - -
Assets3Specific assets that a user can view are determined by access groups, except for administrator users, who can view all assets. view, modify, delete view, modify, delete view, modify, delete view, modify, delete view
Connectors view, create, modify, delete - - - -
Dashboards view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete
Exclusions view, import, export, delete view, import, export, delete - - -
Health and Status view - - - -
Managed Credentials view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete
PCI Managing view, import, export, create, modify, delete - - - -
Recast Rules view, create, modify, delete - - - -
Reports view, create, modify, run, delete view, create, modify, run, delete view, create, modify, run, delete view, create, modify, run, delete view
Report Results view, delete view, delete view, delete view, delete view
Scans4User roles determine a user's abilities, but the permissions that a user has for a particular scan are dictated by scan permissions. view, import, create, modify, run, delete view, import, create, modify, run, delete view, import, create, modify, run, delete view, import, create5Can create scans using existing user-defined policies that are shared with the user., modify, run, delete view6Can view list of scans, but not scan configuration details., import
Scan Policy view, import, export, create, modify, delete view, import, export, create, modify, delete view, import, export, create, modify, delete - -
Scan Results view, delete view, delete view, delete view, delete view, delete
Scanners view, add, modify, delete view, add, modify, delete - - -
Scanner Groups view, create, modify, delete view, create, modify, delete - - -
System Target Groups view, import, edit, modify, delete view view view -
Tags view, create, delete view, create, delete view, create, delete view, create, delete view, create, delete
Users view, create, modify, delete - - - -
User Groups view, create, modify, delete - - - -
User Target Groups view, create, delete, modify, delete view, create, delete, modify, delete view, create, delete, modify, delete view, create, delete, modify, delete -
Vulnerabilities view, export view, export view, export view, export view, export

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.