Access Control

Related Reading: User Access in the Tenable Security Center User Guide

The Tenable Security Center user access model supports role-based access control (RBAC) principles. Each user has a defined group membership (for data access) and role (for application access) so that users on a team access the same data (by shared group) but with different levels of access (by role) to perform different functions. You configure organizations to contain a set of groups and the users within them. Organizations allow for a distinct set of users and groups with unique resources assigned to them. You can use this functionality to mirror your company's organizational structure in Tenable Security Center.

For example, you could:

  • Grant complete Security Manager access to a Senior Vulnerability Management Engineer
  • Grant no access to C-level executives, but instruct Security Managers to export Assurance Report Cards (ARCs) and share them
  • Grant API export access to a Security Engineer
  • Grant API integrations access to a Security Engineer

Access Control and the API

Tenable Security Center API access is user-based, which lets both pre-built and custom integrations use the RBAC user model. For more information, see API Usage.

Access Control and Repositories

You configure repositories to store scan result data in Tenable Security Center. Tenable recommends breaking up large sets of data (tens of thousands of IP addresses) into multiple repositories to:

  • Perform faster data import and queries
  • Increase control and flexibility of user access
  • Increase control and flexibility of reporting
  • Manage potential issues related to maximum repository size (32 GB)

Repository Organization

There are many ways to organize your repositories, depending on your needs. For example:

  • By division or department in your organization to simplify reporting across an organization's structure
  • By logical network definition to accommodate a centralized IT department or specific needs in a non-federated organization

Repository Capacity

A single repository can store 32 GB of data, which is around 30,000 to 100,000 IP addresses depending on your asset types and whether you are running credentialed scans.

When you plan your repository organization, estimate the number of IP addresses that will be stored by each repository. If any of your repository estimates approach the maximum, break the repository into two or more repositories. Tenable recommends sizing your repositories conservatively since you cannot move data to another repository after it has been imported.
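
The sizing step described above, as an added example that is not part of the Tenable documentation: it projects each planned repository's IP count forward and reports how many repositories to create before the first import, since data cannot be moved afterwards. The 70% headroom, the 20% growth figure, the linear per-IP footprint model and all function names are assumptions made for illustration; only the 32 GB limit and the 30,000 to 100,000 IP range come from the page.

```python
# Added sizing sketch. The 32 GB limit and the 30,000-100,000 IP range come from
# the page; the headroom, growth and footprint model below are assumptions.
IPS_PER_REPO_LOW = 30_000     # page: IPs per 32 GB repository, heavy end
IPS_PER_REPO_HIGH = 100_000   # page: IPs per 32 GB repository, light end
HEADROOM_PCT = 70             # assumption: plan to fill at most 70% of a repository
GROWTH_PCT = 20               # assumption: expected growth in scanned IPs


def ip_capacity(credentialed_fraction):
    """Estimated IPs that fit in one repository.

    Assumption: the per-IP footprint scales linearly between the page's two
    figures as the share of credentialed-scan hosts goes from 0 to 1.
    """
    if not 0.0 <= credentialed_fraction <= 1.0:
        raise ValueError("credentialed_fraction must be between 0 and 1")
    per_ip = ((1 - credentialed_fraction) / IPS_PER_REPO_HIGH
              + credentialed_fraction / IPS_PER_REPO_LOW)
    return round(1 / per_ip)


def plan(estimates, headroom_pct=HEADROOM_PCT, growth_pct=GROWTH_PCT):
    """Map each planned repository to the number of repositories to create.

    estimates: {name: (estimated_ips, credentialed_fraction)}
    """
    result = {}
    for name, (ips, cred) in estimates.items():
        projected = -(-ips * (100 + growth_pct) // 100)      # ceiling division
        usable = ip_capacity(cred) * headroom_pct // 100
        result[name] = {
            "projected_ips": projected,
            "usable_ips_per_repo": usable,
            "repositories": max(1, -(-projected // usable)),
        }
    return result


# Constructed sample input: one planned repository per division.
SAMPLE = {
    "Engineering": (40_000, 1.0),   # all credentialed scans
    "Retail": (25_000, 0.0),        # no credentialed scans
    "DMZ": (18_000, 1.0),           # fits today, not with growth and headroom
}

if __name__ == "__main__":
    for name, row in plan(SAMPLE).items():
        print(f"{name:12} {row['projected_ips']:>7} IPs -> {row['repositories']} repositories")
```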