Shared Collections

Shared collections serve as an access control mechanism for grouping scans in Tenable Vulnerability Management. Unlike folders, which organize scans for a single user, shared collections allow you to apply centralized permissions to the collection itself to manage team visibility more effectively. You can create and manage shared collections on the Scans page.

Note: Shared collections are available only for Tenable Vulnerability Management scans. They do not support Tenable Web App Scanning or other scan types. Additionally, each shared collection has a single owner, but other users with Can Edit permissions or Administrator privileges can manage the collection.

For information about managing your shared collections, see Manage Shared Collections.

Overview

A shared collection contains scan configurations and associated scan results. When you place a scan in a shared collection, the scan retains its individual access permissions. Shared collections have their own separate permissions that determine who can view or edit the collection itself.

You can use shared collections to control which users view or edit the collection. For example, you can create a "Database Scans" collection and grant your Database Administrator (DBA) team Can Edit access to manage the collection, while granting your auditors Can View access to see the collection.

Note: Because Tenable Vulnerability Management still respects individual scan permissions, a user with Can View access to a collection but no access to a specific scan within it sees the scan as a grayed-out row in the table. They are not able to click on it to view its configuration or results.

Key Features

  • Collection-Level Access Control — You manage permissions at the collection level to control visibility and management of the collection. Adding a scan to a collection does not override the permissions set on the individual scan.

  • Specific Permissions — You can assign specific roles to users or groups within a collection:

    • Can View — Users can view the collection and its high-level information. They cannot modify the collection.

    • Can Edit — Users can add scans to the collection and update the collection itself (such as modifying membership, name, and description).

  • Dynamic Team Management — If a new user joins a user group, they gain access to the shared collections assigned to that group.

Shared Collections versus Folders

  • Folders — Use folders for personal organization. Moving a scan into a personal folder does not change the users who can view the scan.

  • Shared Collections — Use shared collections for sharing and collaboration. Moving a scan into a shared collection does not change the individual scan's access permissions, but it organizes the scans into a shared group for users with collection access.