Create and Add a Permission Configuration
This topic describes the performance of or functionality for a new feature in Tenable.io Key Enhancements. For more information, see Tenable.io Key Enhancements.
Required User Role: Administrator
When you create a permission configuration in Tenable.io, you can apply that configuration to one or more users or groups.
Before you begin:
Create a tag for the object for which you want to create a permission.
To create and add a permission configuration to a user or group:
In the upper-left corner, click the button.
The left navigation plane appears.
In the left navigation plane, click Settings.
The Settings page appears.
Click the Access Control tile.
The Access Control page appears. On this page, you can control user and group access to resources in your Tenable.io account.
Click the Permissions tab.
The Permissions tab appears. This tab contains a table that lists all of the permission configurations on your Tenable.io instance.
At the top of the table, click Create Permission.
The Create Permission window appears.
In the Permission Name box, type a name for the permission configuration.
(Optional) In the Users drop-down box, select one or more users.
Note: Although the Users box is optional, you cannot save the permission configuration unless at least one user or user group is selected.
(Optional) In the Groups drop-down box, select one or more user groups.
Note: Although the Groups box is optional, you cannot save the permission configuration unless at least one user or user group is selected.
Note: You can select All Users in the Groups drop-down box to assign the permission configuration to all users on your Tenable.io instance. However, Tenable recommends that you use caution when assigning the permission configuration to all users because doing so goes against security best practices.
In the Permissions drop-down box, select one or more permissions.
Caution: Adding the Can Edit permission to your permission configuration along with the Can View or Can Scan permission allows assigned users to change the scope of the assets they can view and scan. Tenable recommends that you combine the Can Edit permission with the Can View or Can Scan permission only for administrator users.
Note: If you select the Can Edit permission, Tenable.io automatically adds the Can Use permission.
In the Objects drop-down box, select one or more objects to which to apply the permission configuration.
Note: The objects in the drop-down box are previously created tags that identify and define your assets. For more information, see Permissions.
Tip: You can select All Assets to allow users and group to view or scan all the assets on your instance, regardless of whether the assets match any existing objects. You can also select All Tags to allow users and groups on your instance to edit or use all objects on your instance. For more information about objects, see Permissions.
A confirmation message appears.
Tenable.io saves your changes. The permission configuration appears on the Permissions tab.