Access Group Types

Tenable is retiring access groups. Moving forward, Tenable recommends that you use permissions to manage user and group access to resources on your Tenable.io instance and that you convert your existing access groups into permission configurations. For more information, see Transition to Permission Configurations.

You can create the following types of access groups. Select an access group type based on the identifiers for the targets you want to scan.

Type Description
Manage Assets

Users can view the asset records created during previous scans and scan the associated targets for those assets.

Use this type of access group if the targets you want to view and scan have been scanned before and can be best identified using tags based on asset attributes (for example, operating system or AWS Account ID).

Scan Targets

Users can scan targets associated with the access group and view the results of those scans.

Use this type of access group if the targets you want to view and scan have never been scanned before and can only be identified using certain asset identifiers (specifically, FQDN, IPv4 address, or IPv6 address).

Note: The access group type names do not represent a limitation on the user actions that each group controls in relation to the specified targets. For both Manage Assets and Scan Targets groups, you can grant user permissions to view analytical results for the specified targets in dashboards, to scan the specified targets, or to both view and scan. For more information on user permissions, see Configure User Permissions for an Access Group.

Tip: You can add a user to both access group types if you want to allow the user to scan both types of scan targets.