Configure User Permissions for a Target Group

You can still use target groups to manage your scan targets. However, Tenable recommends that you instead use tags to group and scan your assets when possible. In the future, when tagging features and options match those currently available in target groups, Tenable will convert your target groups into tags and retire your existing target groups. No action is required on your part, and Tenable will provide you with 60 calendar days notice before converting and retiring your target groups. For more information, contact your Tenable representative.

System target groups:

Required User Role: Administrator

Required Target Group Permissions: Any

User target groups:

Required Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator

Required Target Group Permissions: Can Change

Note: For auditing cloud infrastructure, requires a target group with Can Scan permissions to be present on

Note: To enable the user to use a target group in the Target Groups option for scan configurations, you must also grant the user Can Scan permissions in an access group for the targets. If you do not, excludes the targets from the scan results. For more information, see Access Groups.

To configure permissions for a target group:

  1. Create or edit a target group.
  2. In the User Permissions section, do one of the following: