Tenable-Provided Roles and Privileges
The following tables describe privileges associated with each Tenable-provided user role, organized by function in their respective product.
Note: You can further refine user access to specific resources by assigning permissions to individual users or groups. For more information, see Permissions.
Area | Tenable Vulnerability Management-Provided Roles and Privileges | ||||
---|---|---|---|---|---|
Administrator |
Scan Manager | Standard | Scan Operator | Basic | |
Activity Logs | view, export | - | - | - | - |
API Keys | view, modify | view, modify | view, modify | view, modify | view, modify |
Account Settings | view, modify | view, modify | view, modify | view, modify | view, modify |
Agents | view, delete | view, delete | - | - | - |
Agent Freeze Windows | view, create, modify, delete | view, create, modify, delete | - | - | - |
Agent Groups | view, create, modify, delete | view, create, modify, delete | - | - | - |
Agent Settings | view, modify | view, modify | - | - | - |
Assets | view, modify, export, delete | view, modify, export, delete | view, modify, export, delete | view, modify, export, delete | view, export |
Connectors | view, create, modify, delete | - | - | - | - |
Dashboards | view, create, modify, export, delete | view, create, modify, export, delete | view, create, modify, export, delete | view, create, modify, export, delete | view, create, modify, export, delete |
Exclusions | view, import, export, delete | view, import, export, delete | - | - | - |
Exports | view, modify, export, delete | - | - | - | - |
Findings | view, export | view, export | view, export | view, export | view, export |
General Settings | view, modify | - | - | - | - |
Managed Credentials | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete |
PCI Managing | view, import, export, create, modify, delete | - | - | - | - |
Recast Rules | view, create, modify, delete | - | - | - | - |
Reports | view, run, create, modify, delete | view, run, create, modify, delete | view, run, create, modify, delete | view, run, create, modify, delete | view |
Scans1 | view, import, run, create, modify, delete | view, import, run, create, modify, delete | view, import, run, create, modify, delete | view, import, run, create2, modify, delete | view3, import |
Scan Results | view, export, delete | view, export, delete | view, export, delete | view, export, delete | view, export, delete |
Sensors | view, add, modify, delete | view, add, modify, delete | - | - | - |
Scanner Groups | view, create, modify, delete | view, create, modify, delete | - | - | - |
Tags4 | view, create tag category, create tag value, delete, export, assign, unassign | view, create tag value, delete, assign, unassign | view, delete, assign, unassign5 | view, delete, assign, unassign | view, assign, unassign |
User Groups | view, create, modify, delete, export | - | - | - | - |
Users | view, create, modify, delete | - | - | - | - |
Area | Tenable Web App Scanning-Provided Roles and Privileges | ||||
---|---|---|---|---|---|
Administrator |
Scan Manager | Standard | Scan Operator | Basic | |
Dashboards | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view |
Tenable-Provided Scan Templates | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view | - |
Scans (also requires scan permissions) |
view, import, create, modify, run, delete | view, import, create, modify, run, delete | view, create, modify, run, delete | view, create6, modify, run, delete, move to trash | view |
Managed Credentials | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete |
Scan Permissions |
view, create, modify, delete7 | view, create, modify, delete8 | view, create, modify, delete9 | view, create, modify, delete10 | - |
Scan Results (also requires scan permissions) |
view, delete | view, delete | view, delete | view, delete | view, delete |
Area | Lumin Exposure View-Provided Roles and Privileges | ||||
---|---|---|---|---|---|
Administrator |
Scan Manager | Standard | Scan Operator | Basic | |
Settings | manage, read | read | read | read | read |
Access to Asset Type | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity |
Export | manage own | manage own | manage own | manage own | manage own |
Exposure Card |
create, share, read | create, share, read | create, share, read | share, read | read |
Area | Tenable Inventory-Provided Roles and Privileges | ||||
---|---|---|---|---|---|
Administrator |
Scan Manager | Standard | Scan Operator | Basic | |
Access to Asset Type | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity |
Export | manage own | manage own | manage own | manage own | manage own |
Tag |
create, edit | create, edit | - | - | - |
Area | Attack Path Analysis-Provided Roles and Privileges | ||||
---|---|---|---|---|---|
Administrator |
Scan Manager | Standard | Scan Operator | Basic | |
Export | manage own | manage own | manage own | manage own | manage own |
Finding | manage, read | manage, read | read | read | read |
Query | search, save | search, save | search, save | search | search |
Area | Tenable Identity Exposure-Provided Roles and Privileges | |
---|---|---|
Administrator |
Custom | |
Entire Application | Read, Edit, Create | Defined in-application |
Area | Tenable Attack Surface Management-Provided Roles and Privileges | ||
---|---|---|---|
Business Administrator | Active User | View-Only User | |
Inventory |
manage, add, modify, delete | add, modify, leave | view |
Suggestions | manage, add, modify, delete | manage, add, modify, delete | view |
Subscriptions | manage, add, modify, delete | manage, add, modify, delete | view |
Reports | manage, add, modify, delete | manage, add, modify, delete | view |
Txt Records | manage, modify, delete | manage, modify, delete | view |
User Accounts | manage, modify, delete | - | - |
Business | manage, modify | - | - |
Area | Tenable Cloud Security-Provided Roles and Privileges | ||
---|---|---|---|
Administrator |
Collaborator | Viewer | |
Console Tabs | view | view | view |
Reports | view, create, schedule, delete | view, create, schedule, delete | view, create |
Inventory | view, manage, generate policy | view, manage, generate policy | - |
Findings | view, share, manage, disable | view, share, manage | view, share |
Administration | view, manage, audit | - | - |