Configure User Permissions for an Access Group

Tenable is retiring access groups. Moving forward, Tenable recommends that you use permissions to manage user and group access to resources on your Tenable Vulnerability Management instance and that you convert your existing access groups into permission configurations. For more information, see Transition to Permission Configurations.

Required User Role: Administrator

You can configure access group permissions for individual users or a user group. If you configure access group permissions for a group, you assign all users in that group the same permissions. For more information, see User Groups.

You can assign the following access group permissions to a user or user group:

  • No Access — (All Users user group only) No users (except for users or groups you specifically assign permissions) can scan the assets or targets specified in the access group. Also, no users can view related individual or aggregated scan results for the specified assets or targets.
  • Can View — The user's view in aggregated scan results (workbenches/dashboards) includes data from scans of the assets or targets specified in the access group. If you assign this permission to the All Users group for the access group, all users can view aggregated scan results for the assets or targets in the access group.
  • Can Scan — Users can scan assets or targets specified in the access group and view individual scan results for the assets or targets. If you do not have this permission, Tenable Vulnerability Management does not prevent you from configuring a scan using assets or targets specified in the access group; however, the scanner does not scan the assets or targets. If you assign this permission to the All Users group for the access group, all users can scan the assets or targets in the access group and view the related individual scan results.

User permissions in an access group are cumulative, rather than hierarchical. To allow a user to scan an asset or target and view results for that asset or target in aggregated results, you must set the user's permissions in the access group to both Can View and Can Scan.

Tip: To run scans auditing cloud infrastructure, configure a Scan Target access group that includes the target 127.0.0.1, and set user permissions to Can Scan.

To configure user permissions for an access group:

  1. Create or edit an access group.

  2. In the Users & Groups section, do any of the following: