Configure User Permissions for a Managed Credential

Required Tenable Vulnerability Management User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

Required Tenable Web App Scanning User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

You configure user permissions for a managed credential separately from the permissions you configure for the scans where you use the credential.

You can configure credential permissions for individual users or a user group. If you configure credential permissions for a group, you assign all users in that group the same permissions. You may want to create the equivalent of a credential manager role by creating a group for the users you want to manage credentials. For more information, see User Groups.

If you create a managed credential, Tenable Web App Scanning automatically assigns you Can Edit permissions.

To configure user permissions for a managed credential:

  1. Create or edit a managed credential:

    Location Action
    In the credential manager create or edit
    In a scan configuration create or edit
  2. Do one of the following:

      1. In the credential settings plane, click the add button next to the User Permissions title.

        The Add User Permission settings appear.

      2. In the search box, type the name of a user or group.

        As you type, a filtered list of users and groups appears.

      3. Select a user or group from the search results.

      4. Click the button next to the permission drop-down for the user or group.

      5. Select a permission level:

        • Can Use — The user can view the credential in the managed credentials table and use the credential in scans.

        • Can Edit — The user can view and edit credential settings, delete the credential, and use the credential in scans.

      6. Click Add.
      7. Click Save.
      1. In the User Permissions section of the credential settings plane, click the button next to the permission drop-down for the user or group.

      2. Select a permission level:

        • Can Use — The user can view the credential in the managed credentials table and use the credential in scans.

        • Can Edit — The user can view and edit credential settings, delete the credential, and use the credential in scans.

      3. Click Save.

      1. In the User Permissions section of the credential settings plane, roll over the user or group you want to delete.

      2. Click the button next to the user or user group.

        The user or group is removed from the User Permissions list.

      3. Click Save.