Configure User Permissions for a Managed Credential

Required Tenable Vulnerability Management User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

Required Tenable Web App Scanning User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

You configure user permissions for a managed credential separately from the permissions you configure for the scans where you use the credential.

You can configure credential permissions for individual users or a user group. If you configure credential permissions for a group, you assign all users in that group the same permissions. You may want to create the equivalent of a credential manager role by creating a group for the users you want to manage credentials. For more information, see User Groups.

If you create a managed credential, Tenable Vulnerability Management automatically assigns you Can Edit permissions.

To configure user permissions for a managed credential:

1. Create or edit a managed credential:

   Location	Action
   In the credential manager	create or edit
   In a scan configuration	create or edit

2. Do one of the following:
   • Add permissions for a user or user group.

     1. In the credential settings plane, click the button next to the User Permissions title.

        The Add User Permission settings appear.

     2. In the search box, type the name of a user or group.

        As you type, a filtered list of users and groups appears.

     3. Select a user or group from the search results.

     4. Click the button next to the permission drop-down for the user or group.

     5. Select a permission level:

        • Can Use — The user can view the credential in the managed credentials table and use the credential in scans.

        • Can Edit — The user can view and edit credential settings, delete the credential, and use the credential in scans.

     6. Click Add.
     7. Click Save.
   • Edit permissions for a user or user group.

     1. In the User Permissions section of the credential settings plane, click the button next to the permission drop-down for the user or group.

     2. Select a permission level:

        • Can Use — The user can view the credential in the managed credentials table and use the credential in scans.

        • Can Edit — The user can view and edit credential settings, delete the credential, and use the credential in scans.

     3. Click Save.
   • Delete permissions for a user or user group.

     1. In the User Permissions section of the credential settings plane, roll over the user or group you want to delete.

     2. Click the button next to the user or user group.

        The user or group is removed from the User Permissions list.

     3. Click Save.