Tenable is retiring access groups. Moving forward, Tenable recommends that you use permissions to manage user and group access to resources on your Tenable.io instance and that you convert your existing access groups into permission configurations. For more information, see Transition to Permission Configurations.
Note: System target group permissions that controlled viewing scan results and scanning specified targets have been migrated to access groups. For more information, see Scan Permissions Migration.
With access groups, you can control which users or groups in your organization can:
- View specific assets and related vulnerabilities in aggregated scan result views (dashboards in the new interface and workbenches in classic interface).
- Run scans against specific targets and view individual scan results for the targets.
An access group contains assets or targets as defined by the rules you set. Access group rules specify identifying attributes that Tenable.io uses to associate assets or targets with the group (for example, an AWS Account ID, FQDN, or IP address). By assigning permissions in the access group to
Note: When you create or edit an access group, Tenable.io may take some time to assign assets to the access group, depending on the system load, the number of matching assets, and the number of vulnerabilities.
You can view the status of this assignment process in the Status column of the access groups table on the Access Groups page.
Only administrators can view, create, and edit access groups. As a user assigned any other role, you can see the access groups to which you belong and the related rules, but not the other users that are in the access group.
By default, all users have No Access to all assets on your Tenable.io instance. Therefore, if you want to assign permissions for assets, you must create an access group and configure user permissions for the group.
Note: Tenable.io applies dynamic tags to any assets, regardless of access group scoping. As a result, it may apply tags you create to assets outside of the access groups to which you belong.
Your organization can create up to 5,000 access groups.
For more information, see the following topics: