TOC & Recently Viewed

Recently Viewed Topics

Target Groups

Note: To configure system target view permissions, use access groups. To configure scan permissions, use system target groups.

A target group allows you to set permissions on which hosts users can scan. By default, all users can scan all hosts.

You must grant at least one user the ability to run scans, either by changing the default target permissions or by granting individual users permissions within a system target group.

You can use target groups in scans based on the permissions assigned to the target group.

System Target Groups

System target groups are used to set permissions on which hosts a user can scan. By default, all users can scan all hosts. You can restrict this by removing scan permissions on the default target group and creating additional target groups with more granular permissions.

Optionally, you can enable asset isolation to deactivate the default target group and control scanning permissions via individual system target group settings. For more information, see Enable or Disable Asset Isolation.

User Target Groups

User target groups do not grant scan or view permissions. Instead, user target groups provide more granular filtering on the hosts permitted to you in system target groups. You can use these lists when filtering dashboards or configuring scans.

Asset Isolation

Occasionally, users may encounter an issue if:

  • Asset isolation is disabled.
  • The default target group has Can Use or lower permissions.
  • No target group has specifically allowed

Not allowing scanning of may prevent scans that use this loopback address as its target from running.

To fix the issue do one of the following:

  • If asset isolation is disabled, and the default target group has Can Use or lower permissions, then elevate the permissions to Can Scan.
  • If asset isolation is enabled, then create a target group with Can Scan permissions to explicitly allow

For more information on target groups, see the following topics:

Copyright © 2020 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.