Custom Roles

This section and the topics in it describe the performance of and functionality for a new feature in Tenable.io Key Enhancements. For more information, see Tenable.io Key Enhancements.

You can create custom roles for users on your Tenable.io instance to give those users privileges that are specific to your organization's needs.

When you create a custom role, you can add all or some of the following privileges. You can also edit a custom role to remove privileges. Which privileges you can add to or remove from a role depend on the area of Tenable.io where each privilege applies.

Note: A user's access to resources on the account may be limited by their permissions, regardless of their role.

  • Read — Allows the user to view items in the area where the privilege applies.

  • Manage — Allows the user to create, modify, and delete in the area where the privilege applies.

    Note: When you add the Manage privilege to a custom role, Tenable.io automatically adds the Read privilege as well. You cannot disable the Read privilege unless you first disable the Manage privilege.

  • Share — Allows the user to share dashboards with other users or groups. This privilege is specific to dashboards.

The following table describes the privilege options available for custom roles in different sections of Tenable.io.

Note: When you create a custom role, you must include Read privileges for the General Settings, License, and My Account sections. If you do not include Read privileges for these sections, users assigned to the role cannot log in to Tenable.io.

Section Privilege Options
Account
Access Control

Read, Manage

Caution: Adding the Manage privilege in Access Control allows any user with that custom role to create an Administrator user, log in as that user, and change the privileges or permissions for any user on your Tenable.io instance, including their own. If you want to create a user account with the ability to manage your Access Control configurations, Tenable recommends that you assign that user the Administrator role. For more information, see Tenable-Provided Role Privileges.

General Setting Read, Manage
Activity Log Read
Dashboard Manage, Share

Note: Custom role privileges in the Dashboards section do not include the ability to export a dashboard. You must assign a Tenable-provided role to a user if you want the user to be able to export dashboards.

Note: All users can view the dashboards they create or that others share with them regardless of the privileges you assign to them.

License Read
My Account Read, Manage
Workspaces
Asset Read
Finding Read
Vulnerability Management
Recast Rule Read, Manage

Note: Custom role privileges in the Recast Rule section do not include the ability to export a recast rule. You must assign a user the Administrator role if you want the user to be able to export recast rules. For more information, see Tenable-Provided Role Privileges.