Role-Based Access Control
Role-Based Access Control (RBAC) defines the activities that a user can perform in the associated projects and on the Tenable Cloud Security console. Create users for Tenable Cloud Security and then assign roles to the users from Tenable Vulnerability Management. For more information about user roles in Tenable Vulnerability Management, see User Roles.
| Entity | Task | Viewer | Operator | Administrator |
|---|---|---|---|---|
| Project | Create | ✔ | ✔ | |
| Modify | ✔ | ✔ | ||
| Delete | ✔ | ✔ | ||
| View | ✔ | ✔ | ✔ | |
| Policies and Policy Groups | View | ✔ | ✔ | ✔ |
| Export | ✔ | ✔ | ✔ | |
| Custom policies | Create | ✔ | ||
| Modify | ✔ | |||
| Delete | ✔ | |||
| View | ✔ | ✔ | ✔ | |
| Cloud accounts | Add | ✔ | ✔ | |
| Remove | ✔ | ✔ | ||
| Repositories | Add | ✔ | ✔ | |
| Remove | ✔ | ✔ | ||
| Pipeline | Run | ✔ | ✔ | ✔ |
| Kubernetes cluster | Scan using CLI, Helm charts | ✔ | ✔ | |
| Integrations | Add | ✔ | ✔ | |
| Remove | ✔ | ✔ | ||
| Scans | Run | ✔ | ✔ | |
| Schedule | ✔ | ✔ | ||
|
Findings (misconfigurations and vulnerabilities)
Note: A Scan Manager or a Scan Operator in Tenable Vulnerability Management must have the Can View permission to view Tenable Cloud Security vulnerabilities.
|
View findings, tickets, pull requests | ✔ | ✔ | ✔ |
| Ignore | ✔ | ✔ | ||
| Unignore | ✔ | ✔ | ||
| Create Ticket | ✔ | ✔ | ||
| Create Pull Request | ✔ | ✔ | ||
| Export | ✔ | ✔ | ✔ | |
| Alerts and Alert Rules | Configure | ✔ | ✔ | |
| View | ✔ | ✔ | ✔ | |
| Dashboards | View | ✔ | ✔ | ✔ |
| Reports | View | ✔ | ✔ | ✔ |
| Export to CSV | ✔ | ✔ | ||
| User Management |
Not applicable for Tenable Cloud Security. Note: You must create and manage users for Tenable Cloud Security from Tenable Vulnerability Management. For more information about how user roles in Tenable Cloud Security map to corresponding roles in Tenable Vulnerability Management, see User Role Mapping between Tenable Vulnerability Management and Tenable Cloud Security.
|
NA | NA | NA |