Tenable is converting all access groups into permission configurations. As this conversion runs, you may notice your existing access groups undergoing changes. Moving forward, Tenable recommends that you use permissions to manage user and group access to resources on your Tenable.io instance. For more information, see Transition to Permission Configurations.
With access groups, you can control which
- View specific assets and related vulnerabilities in aggregated scan result views (dashboards in the new interface and workbenches in classic interface).
- Run scans against specific targets and view individual scan results for the targets.
An access group contains assets or targets as defined by the rules you set. Access group rules specify identifying attributes that Tenable.io uses to associate assets or targets with the group (for example, an AWS Account ID, FQDN, or IP address). By assigning permissions
Note: When you create or edit an access group, Tenable.io may take some time to assign assets to the access group, depending on the system load, the number of matching assets, and the number of vulnerabilities.
You can view the status of this assignment process in the Status column of the access groups table on the Access Groups page.
Only administrators can view, create, and edit access groups. As a user assigned any other role, you can see the access groups to which you belong and the related rules, but not the other users that are in the access group.
By default, all users have access to the All Assets group, which contains all assets. Therefore, if you want to limit permissions for assets, you must first restrict users for All Assets.
Note: Tenable.io applies dynamic tags to any assets, regardless of access group scoping. As a result, it may apply tags you create to assets outside of the access groups to which you belong.
Your organization can create up to 5,000 access groups.
For information on using access groups, see: