Restrict Users for All Assets Group

Tenable is retiring access groups. Moving forward, Tenable recommends that you use permissions to manage user and group access to resources on your Tenable Vulnerability Management instance and that you convert your existing access groups into permission configurations. For more information, see Transition to Permission Configurations.

Required User Role: Administrator

The All Assets group is the default, system-generated access group to which all assets belong.

By default, the following conditions are true:

  • The All Users user group, which contains all users in your organization, is assigned to the All Assets access group.
  • The permissions for the All Users group are set to Can View and Can Scan.

If you do not want all users to scan all assets and view the individual and aggregated results, you must set the permissions for the All Users group to No Access. Optionally, you can then add specific users or to provide individuals with access to all assets.

Note: When you create or edit an access group, Tenable Vulnerability Management may take some time to assign assets to the access group, depending on the system load, the number of matching assets, and the number of vulnerabilities.

You can view the status of this assignment process in the Status column of the access groups table on the Access Groups page.

To restrict user permissions for the All Assets group:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, click Settings.

    The Settings page appears.

  3. Click the Access Groups tile.

    The Access Groups page appears. This page contains a table that lists the access groups to which you have access.

  4. In the access groups table, click the All Assets group.

    The Edit All Assets Access Group page appears.

  5. In the Users & Groups section, locate the listing for the All Users group.

  6. Remove both the Can Edit and Can Scan labels from the All Users group listing:

    1. Roll over the label.

      The Delete button appears on the label.

    2. Click the Delete button.

      Tenable Vulnerability Management removes the label.

    Note: When configuring permissions for the All Users user group, Tenable recommends keeping the following in mind:

    • If you retain the permissions for All Assets as Can View, all users can view scan results for all assets or targets for your organization.
    • If you set the permissions for All Assets to Can Scan, all users can scan all assets or targets for your organization and view the related scan results.
  7. (Optional) Configure user permissions for each user or group you want to add to the All Assets group.

  8. Click Save.

    The Access Groups page appears. Access to the All Assets group is restricted to the user(s) or group(s) you added.