TOC & Recently Viewed

Recently Viewed Topics

Service Access Control Checks

A service ACL is identified by the keyword service_acl. The ACL name must be unique to be used with a service permissions item. A service ACL can contain one or multiple user entry.


<service_acl: ["name"]>


<user: ["user_name"]>

acl_inheritance: ["value"]

acl_apply: ["value"]

(optional) acl_allow: ["rights value"]

(optional) acl_deny: ["rights value"]





Associated Types

Allowed Types


not inherited


not used


this object only



These settings are optional and are used to define the rights a user has on the object.

Generic rights:

  • full control
  • read
  • start, stop and pause
  • write
  • delete

Advanced rights:

  • full control
  • delete
  • query template
  • change template
  • query status
  • enumerate dependents
  • start
  • stop
  • pause and continue
  • interrogate
  • user-defined control
  • read permissions
  • change permissions
  • take ownership

An example service access control check is shown below:

<service_acl: "ALERT ACL">


<user: "Administrators">

acl_inheritance: "not inherited"

acl_apply: "This object only"

acl_allow: "query template" | "change template" | "query status" | "enumerate

dependents" | "start" | "stop" | "pause and continue" | "interrogate" | "userdefined

control" | "delete" | "read permissions" | "change permissions" | "take





Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.