Restrict Users for All Assets Group

Required User Role: Administrator

The All Assets group is the default, system-generated group to which all assets belong.

By default, the following conditions are true:

  • The user group All Users, which contains all users in your organization, is assigned to the All Assets group.
  • The permissions for the All Users group are set to Can View and Can Scan.

If you do not want all users to scan all assets and view the individual and aggregated results, you must set the permissions for the All Users group to No Access. You can then optionally add specific users or groups to provide individuals with access to all assets.

Note: When you create or edit an access group, Tenable.io may take some time to assign assets to the access group, depending on the system load, the number of matching assets, and the number of vulnerabilities.

You can view the status of this assignment process in the Status column of the access groups table on the Access Groups page.

To restrict users for the All Assets group:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, click Settings.

    The Settings page appears.

  3. Click the Access Groups widget.

    The Access Groups page appears. This page contains a table that lists the access groups to which you have access.

  4. In the access groups table, click the All Assets group.

    The Edit All Assets Access Group page appears.

  5. In the Users & Groups section, locate the listing for the All Users group.

  6. Remove both the Can Edit and Can Scan labels from the All Users group listing:

    1. Roll over the label.

      The Delete button appears on the label.

    2. Click the Delete button.

      Tenable.io removes the label.

    Note: When configuring the All Assets access group, Tenable recommends keeping the following in mind:

    • If you retain the permissions for All Users as Can View, all users can view scan results for all assets or targets for your organization.
    • If you set the permissions for All Users to Can Scan, all users can scan all assets or targets for your organization and view the related scan results.
  7. (Optional) Configure user permissions for each user or group you want to add to the All Assets group.

  8. Click Save.

    The Access Groups page appears. Access to the All Assets group is restricted to the user(s) or group(s) you added.