Access for Privileged Analysis

The optional Privileged Analysis feature requires administrative privileges. You must assign permissions for the service account that Tenable Identity Exposure uses.

For more information, see Privileged Analysis.

Note: You must assign permissions on each domain where you enable Privileged Analysis.

Important Notes

Tenable Identity Exposure only requires one service account per forest, so when you assign permissions in a domain you may need to search for the service account from another domain.
You must assign additional permissions at the domain root level. The Active Directory does not support permissions assigned to an organizational unit or a specific user — for example to restrict Privileged Analysis to the OU or user — and therefore these do not have any effect.
These permissions grant the Tenable Identity Exposure service account much more power over the Active Directory domain. You must then consider it as a privileged account (Tier 0) and protect it as similarly as a domain administrator account. For the complete procedure, see Protecting Service Accounts.