Tenable-Provided Roles

This topic describes the performance of, or functionality for, a new feature in Tenable.io Key Enhancements. For more information, see Tenable.io Key Enhancements.

The following table briefly describes Tenable-defined user roles in Tenable.io, along with the basic privileges associated with them. For detailed information about the privileges associated with these roles, see Tenable-Provided Role Privileges.

Role Name Description
Tenable.io Vulnerability Management User Roles

Basic

Can only manage their user profile, view scan results (including dashboards), and move shared scans to different folders.

Scan Operator Can create and run scans, but may only use existing scan user-defined scan templates that were created by a standard user or higher. They can create user target groups for use in scans.

Standard

In addition to scan operator privileges, can view user-defined scan templates that were created by a scan manager user or higher.

Scan Manager

In addition to standard user privileges, can configure scan settings and create, configure, use, and delete user-defined scan templates. They can also manage scanners, agents, and exclusions.

Administrator

Has all permissions and privileges, is responsible for setting up the account, and knows the organization's architecture. They can create groups to organize different business units, and add and manage users on the account.

Tenable.io Web Application Scanning User Roles

Basic

Can only manage their user profile and view scan results, including dashboards.

Scan Operator Can create and run web application scans, but may only use existing scan user-defined scan templates that were created by a standard user or higher.
Standard In addition to scan operator privileges, can view user-defined scan templates that were created by a scan manager user or higher.
Scan Manager In addition to standard user privileges, can configure scan settings and create, configure, use, and delete user-defined scan templates.

Administrator

Has all permissions and privileges, is responsible for setting up the account, and knows the organization's architecture. They can create groups to organize different business units, and add and manage users on the account.

Tenable.io Container Security User Roles  
Basic Limited to viewing, searching, and filtering Tenable.io Container Security data.

Scan Operator

and

Standard

Can import, manage, and delete images and image repositories. They can also view policies, but may only use policies set by a scan manager user or higher.
Scan Manager In addition to scan operator privileges, can create, manage, and enforce policies.
Administrator Has all permissions and privileges, is responsible for setting up the account, adding and managing users, and configuring connections to registries.