Tenable-Provided Roles and Privileges

The following tables describe privileges associated with each Tenable-provided user role, organized by function in their respective product.

Note: You can further refine user access to specific resources by assigning permissions to individual users or groups. For more information, see Permissions.

Area  Tenable Vulnerability Management-Provided Roles and Privileges

Administrator

Scan Manager Standard Scan Operator Basic
Activity Logs view, export - - - -
API Keys view, modify view, modify view, modify view, modify view, modify
Account Settings view, modify view, modify view, modify view, modify view, modify
Agents view, delete view, delete - - -
Agent Freeze Windows view, create, modify, delete view, create, modify, delete - - -
Agent Groups view, create, modify, delete view, create, modify, delete - - -
Agent Settings view, modify view, modify - - -
Assets view, modify, export, delete view, modify, export, delete view, modify, export, delete view, modify, export, delete view, export
Connectors view, create, modify, delete - - - -
Dashboards view, create, modify, export, delete view, create, modify, export, delete view, create, modify, export, delete view, create, modify, export, delete view, create, modify, export, delete
Exclusions view, import, export, delete view, import, export, delete - - -
Exports view, modify, export, delete - - - -
General Settings view, modify - - - -
Health and Status view - - - -
Managed Credentials view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete
PCI Managing view, import, export, create, modify, delete - - - -
Recast Rules view, create, modify, delete - - - -
Reports view, run, create, modify, delete view, run, create, modify, delete view, run, create, modify, delete view, run, create, modify, delete view
Report Results view, delete view, delete view, delete view, delete view
Scans1 view, import, run, create, modify, delete view, import, run, create, modify, delete view, import, run, create, modify, delete view, import, run, create2, modify, delete view3, import
Scan Results view, export, delete view, export, delete view, export, delete view, export, delete view, export, delete
Sensors view, add, modify, delete view, add, modify, delete - - -
Scanner Groups view, create, modify, delete view, create, modify, delete - - -
Tags4 view, create tag category, create tag value, delete, export, assign, unassign view, create tag value, delete, assign, unassign view, delete, assign, unassign5 view, delete, assign, unassign view, assign, unassign
User Groups view, create, modify, delete, export - - - -
User-Defined Scan Templates view, import, export, create, modify, delete view, import, export, create, modify, delete view, import, export, create, modify, delete - -
Users view, create, modify, delete - - - -
Vulnerabilities view, export view, export view, export view, export view, export
Area    Tenable Web App Scanning-Provided Roles and Privileges

Administrator

Scan Manager Standard Scan Operator Basic
Dashboards view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete view view
Tenable-Provided Scan Templates view, create, modify, delete view, create, modify, delete view, create, modify, delete view - -
User-Defined Templates view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete - -

Scans

(also requires scan permissions)

view, import, create, modify, run, delete view, import, create, modify, run, delete view, create, modify, run, delete view, create6, modify, run, delete, move to trash view view
Managed Credentials view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete view, create, modify, delete

Scan Permissions

view, create, modify, delete7 view, create, modify, delete8 view, create, modify, delete9 view, create, modify, delete10 - -

Scan Results

(also requires scan permissions)

view, delete view, delete view, delete view, delete view, delete view, delete
Area    Lumin Exposure View-Provided Roles and Privileges

Administrator

Scan Manager Standard Scan Operator Basic
Settings manage, read read read read read
Access to Asset Type computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity
Export manage own manage own manage own manage own manage own

Exposure Card

create, share, read create, share, read create, share, read share, read read
Area    Asset Inventory-Provided Roles and Privileges

Administrator

Scan Manager Standard Scan Operator Basic
Access to Asset Type computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity computing resource (host), cloud resource, web application, identity
Export manage own manage own manage own manage own manage own

Tag

create, edit create, edit - - -
Area    Attack Path Analysis-Provided Roles and Privileges

Administrator

Scan Manager Standard Scan Operator Basic
Export manage own manage own manage own manage own manage own
Finding manage, read manage, read read read read
Query search, save search, save search, save search search
  Area Tenable Attack Surface Management-Provided Roles and Privileges
Business Administrator Active User View-Only User

Inventory

manage, add, modify, delete add, modify, leave view
Suggestions manage, add, modify, delete manage, add, modify, delete view
Subscriptions manage, add, modify, delete manage, add, modify, delete view
Reports manage, add, modify, delete manage, add, modify, delete view
Txt Records manage, modify, delete manage, modify, delete view
User Accounts manage, modify, delete - -
Business manage, modify - -
Note: By default, Tenable Attack Surface Management users created within Tenable One are given the Active User role.
  Area Tenable Container Security-Provided Roles and Privileges
Administrator Scan Manager Standard Scan Operator Basic

Dashboards

view view view view view
Usage Data view 11 view view view view
Images view, push to Tenable Vulnerability Management, delete 12 view, push to Tenable Vulnerability Management, delete view, push to Tenable Vulnerability Management, delete view, push to Tenable Vulnerability Management, delete -
Image Repository view, search, delete view, search, delete view, search, delete view, search, delete view, search
Containers view view view view view
Policies create, view, edit, set permissions, delete create, view, edit, set permissions, delete view view view
Connectors create, configure, view, delete - - - -
CS Scanner download, view, configure, run download, view, configure, run download, view, configure, run download, view, configure, run download
Scan Results view, search view, search view, search view, search view, search