Tenable-Provided Roles and Privileges

The following tables describe privileges associated with each Tenable-provided user role, organized by function in their respective product.

Note: You can further refine user access to specific resources by assigning permissions to individual users or groups. For more information, see Permissions.

Area  Tenable Vulnerability Management-Provided Roles and Privileges

Administrator

Scan Manager Standard Scan Operator Basic
Activity Logs view, export - - - -
API Keys view, modify view, modify view, modify view, modify view, modify
Account Settings view, modify view, modify view, modify view, modify view, modify
Agents view, delete view, delete - - -
Agent Freeze Windows view, create, modify, delete view, create, modify, delete - - -
Agent Groups view, create, modify, delete view, create, modify, delete - - -
Agent Settings view, modify view, modify - - -
Assets view, modify, export, delete view, modify, export, delete view, modify, export, delete view, modify, export, delete view, export
Connectors view, create, modify, delete - - - -
Dashboards view, create, modify, export, delete view, create, modify, export, delete view, create, modify, export, delete view, create, modify, export, delete view, create, modify, export, delete
Exclusions view, import, export, delete view, import, export, delete - - -
Exports view, modify, export, delete - - - -
Findings view, export view, export view, export view, export view, export
General Settings view, modify - - - -
Managed Credentials view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete
PCI Managing view, import, export, create, modify, delete - - - -
Recast Rules view, create, modify, delete - - - -
Reports view, run, create, modify, delete view, run, create, modify, delete view, run, create, modify, delete view, run, create, modify, delete view
Scans1 view, import, run, create, modify, delete view, import, run, create, modify, delete view, import, run, create, modify, delete view, import, run, create2, modify, delete view3, import
Scan Results view, export, delete view, export, delete view, export, delete view, export, delete view, export, delete
Sensors view, add, modify, delete view, add, modify, delete - - -
Scanner Groups view, create, modify, delete view, create, modify, delete - - -
Tags4 view, create tag category, create tag value, delete, export, assign, unassign view, create tag value, delete, assign, unassign view, delete, assign, unassign5 view, delete, assign, unassign view, assign, unassign
User Groups view, create, modify, delete, export - - - -
Users view, create, modify, delete - - - -
Area    Tenable Web App Scanning-Provided Roles and Privileges

Administrator

Scan Manager Standard Scan Operator Basic
Dashboards view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete view
Tenable-Provided Scan Templates view, create, modify, delete view, create, modify, delete view, create, modify, delete view -

Scans

(also requires scan permissions)

view, import, create, modify, run, delete view, import, create, modify, run, delete view, create, modify, run, delete view, create6, modify, run, delete, move to trash view
Managed Credentials view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete

Scan Permissions

view, create, modify, delete7 view, create, modify, delete8 view, create, modify, delete9 view, create, modify, delete10 -

Scan Results

(also requires scan permissions)

view, delete view, delete view, delete view, delete view, delete
Area    Lumin Exposure View-Provided Roles and Privileges

Administrator

Scan Manager Standard Scan Operator Basic
Settings manage, read read read read read
Access to Asset Type computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity
Export manage own manage own manage own manage own manage own

Exposure Card

create, share, read create, share, read create, share, read share, read read
Area    Tenable Inventory-Provided Roles and Privileges

Administrator

Scan Manager Standard Scan Operator Basic
Access to Asset Type computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity
Export manage own manage own manage own manage own manage own

Tag

create, edit create, edit - - -
Area    Attack Path Analysis-Provided Roles and Privileges

Administrator

Scan Manager Standard Scan Operator Basic
Export manage own manage own manage own manage own manage own
Finding manage, read manage, read read read read
Query search, save search, save search, save search search
Area    Tenable Identity Exposure-Provided Roles and Privileges

Administrator

Custom
Entire Application Read, Edit, Create Defined in-application
  Area Tenable Attack Surface Management-Provided Roles and Privileges
Business Administrator Active User View-Only User

Inventory

manage, add, modify, delete add, modify, leave view
Suggestions manage, add, modify, delete manage, add, modify, delete view
Subscriptions manage, add, modify, delete manage, add, modify, delete view
Reports manage, add, modify, delete manage, add, modify, delete view
Txt Records manage, modify, delete manage, modify, delete view
User Accounts manage, modify, delete - -
Business manage, modify - -
Note: By default, Tenable Attack Surface Management users created within Tenable One are given the Active User role.
Area    Tenable Cloud Security-Provided Roles and Privileges

Administrator

Collaborator Viewer
Console Tabs view view view
Reports view, create, schedule, delete view, create, schedule, delete view, create
Inventory view, manage, generate policy view, manage, generate policy -
Findings view, share, manage, disable view, share, manage view, share
Administration view, manage, audit - -