Tenable-Provided Roles and Privileges
The following tables describe privileges associated with each Tenable-provided user role, organized by function in their respective product.
Area | Tenable Vulnerability Management-Provided Roles and Privileges | ||||
---|---|---|---|---|---|
Administrator |
Scan Manager | Standard | Scan Operator | Basic | |
Activity Logs | view, export | - | - | - | - |
API Keys | view, modify | view, modify | view, modify | view, modify | view, modify |
Account Settings | view, modify | view, modify | view, modify | view, modify | view, modify |
Agents | view, delete | view, delete | - | - | - |
Agent Freeze Windows | view, create, modify, delete | view, create, modify, delete | - | - | - |
Agent Groups | view, create, modify, delete | view, create, modify, delete | - | - | - |
Agent Settings | view, modify | view, modify | - | - | - |
Assets | view, modify, export, delete | view, modify, delete | view, modify, delete | view, modify, delete | view |
Connectors | view, create, modify, delete | - | - | - | - |
Dashboards | view, create, modify, export, delete | view, create, modify, export, delete | view, create, modify, export, delete | view, create, modify, export, delete | view, create, modify, export, delete |
Exclusions | view, import, export, delete | view, import, export, delete | - | - | - |
Exports | view, modify, export, delete | - | - | - | - |
General Settings | view, modify | - | - | - | - |
Health and Status | view | - | - | - | - |
Managed Credentials | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete |
PCI Managing | view, import, export, create, modify, delete | - | - | - | - |
Recast Rules | view, create, modify, delete | - | - | - | - |
Reports | view, run, create, modify, delete | view, run, create, modify, delete | view, run, create, modify, delete | view, run, create, modify, delete | view |
Report Results | view, delete | view, delete | view, delete | view, delete | view |
Scans1 | view, import, run, create, modify, delete | view, import, run, create, modify, delete | view, import, run, create, modify, delete | view, import, run, create2, modify, delete | view3, import |
Scan Results | view, delete | view, delete | view, delete | view, delete | view, delete |
Sensors | view, add, modify, delete | view, add, modify, delete | - | - | - |
Scanner Groups | view, create, modify, delete | view, create, modify, delete | - | - | - |
Tags4 | view, create tag category, create tag value, delete, export, assign, unassign | view, create tag value, delete, assign, unassign | view, delete, assign, unassign5 | view, delete, assign, unassign | view, assign, unassign |
User Groups | view, create, modify, delete, export | - | - | - | - |
User-Defined Scan Templates | view, import, export, create, modify, delete | view, import, export, create, modify, delete | view, import, export, create, modify, delete | - | - |
Users | view, create, modify, delete | - | - | - | - |
Vulnerabilities | view, export | view, export | view, export | view, export | view, export |
Area | Tenable Web App Scanning-Provided Roles and Privileges | |||||
---|---|---|---|---|---|---|
Administrator |
Scan Manager | Standard | Scan Operator | Basic | ||
Dashboards | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view | view |
Tenable-Provided Scan Templates | view | view | view | - | - | - |
User-Defined Templates | view, create, modify, delete | view, create, modify, delete | view | - | - | - |
Scans (also requires scan permissions) |
view, create, modify, run, delete | view, create, modify, run, delete | view, create, modify, run, delete | view, import, create6, modify, run, delete, move to trash | view | view |
Managed Credentials | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete | view, create, modify, delete |
Scan Permissions |
view, create, modify, delete7 | view, create, modify, delete8 | view, create, modify, delete9 | view, create, modify, delete10 | - | - |
Scan Results (also requires scan permissions) |
view, delete | view, delete | view, delete | view, delete | view, delete | view, delete |
Area | Lumin Exposure View-Provided Roles and Privileges | ||||
---|---|---|---|---|---|
Administrator |
Scan Manager | Standard | Scan Operator | Basic | |
Settings | manage, read | read | read | read | read |
Access to Asset Type | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity |
Export | manage own | manage own | manage own | manage own | manage own |
Exposure Card |
create, share, read | create, share, read | create, share, read | share, read | read |
Area | Asset Inventory-Provided Roles and Privileges | ||||
---|---|---|---|---|---|
Administrator |
Scan Manager | Standard | Scan Operator | Basic | |
Access to Asset Type | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity | computing resource (host), cloud resource, web application, identity |
Export | manage own | manage own | manage own | manage own | manage own |
Tag |
create, edit | create, edit | - | - | - |
Area | Attack Path Analysis-Provided Roles and Privileges | ||||
---|---|---|---|---|---|
Administrator |
Scan Manager | Standard | Scan Operator | Basic | |
Export | manage own | manage own | manage own | manage own | manage own |
Finding | manage, read | manage, read | read | read | read |
Query | search, save | search, save | search, save | search | search |
Area | Tenable Container Security-Provided Roles and Privileges | ||||
---|---|---|---|---|---|
Administrator | Scan Manager | Standard | Scan Operator | Basic | |
view | view | view | view | view | |
Usage Data | view 11 | view | view | view | view |
Images | view, push to Tenable Vulnerability Management, delete 12 | view, push to Tenable Vulnerability Management, delete | view, push to Tenable Vulnerability Management, delete | view, push to Tenable Vulnerability Management, delete | - |
Image Repository | view, search, delete | view, search, delete | view, search, delete | view, search, delete | view, search |
Containers | view | view | view | view | view |
Policies | create, view, edit, set permissions, delete | create, view, edit, set permissions, delete | view | view | view |
Connectors | create, configure, view, delete | - | - | - | - |
CS Scanner | download, view, configure, run | download, view, configure, run | download, view, configure, run | download, view, configure, run | download |
Scan Results | view, search | view, search | view, search | view, search | view, search |