Recently Viewed Topics
Note: To configure system target view permissions, use access groups. To configure scan permissions, use system target groups.
A target group allows you to set permissions on which hosts users can scan. By default, all users can scan all hosts.
You must grant at least one user the ability to run scans, either by changing the default target permissions or by granting individual users permissions within a system target group.
You can use target groups in scans based on the permissions assigned to the target group.
System Target Groups
System target groups are used to set permissions on which hosts a user can scan. By default, all users can scan all hosts. You can restrict this by removing scan permissions on the default target group and creating additional target groups with more granular permissions.
Optionally, you can enable asset isolation to deactivate the default target group and control scanning permissions via individual system target group settings. For more information, see Enable or Disable Asset Isolation.
User Target Groups
User target groups do not grant scan or view permissions. Instead, user target groups provide more granular filtering on the hosts permitted to you in system target groups. You can use these lists when filtering dashboards or configuring scans.
Occasionally, users may encounter an issue if:
- Asset isolation is disabled.
- The default target group has Can Use or lower permissions.
- No target group has specifically allowed 127.0.0.1.
Not allowing scanning of 127.0.0.1 may prevent scans that use this loopback address as its target from running.
To fix the issue do one of the following:
- If asset isolation is disabled, and the default target group has Can Use or lower permissions, then elevate the permissions to Can Scan.
- If asset isolation is enabled, then create a target group with Can Scan permissions to explicitly allow 127.0.0.1.
For more information on target groups, see the following topics: