Manage Permissions

Required User Role: Administrator

In Tenable Web App Scanning, you can manage your permissions in the following ways:

Create and Add a Permission Configuration

When you create a permission configuration in Tenable Web App Scanning, you can apply that configuration to one or more users or groups.

Before you begin:

  • Create a user or group for your Tenable Web App Scanning account.

  • Create a tag for the object for which you want to create a permission.

To create and add a permission configuration to a user or group:

  1. Access the Permissions page.

  2. At the top of the table, click Create Permission.

    The Create Permission window appears.

  3. In the Permission Name box, type a name for the permission configuration.

  4. (Optional) In the Users drop-down box, select one or more users.

    Note: Although the Users box is optional, you cannot save the permission configuration unless at least one user or user group is selected.

  5. (Optional) In the Groups drop-down box, select one or more user groups.

    Note: Although the Groups box is optional, you cannot save the permission configuration unless at least one user or user group is selected.

    Note: You can select All Users in the Groups drop-down box to assign the permission configuration to all users on your Tenable Web App Scanning instance. However, Tenable recommends that you use caution when assigning the permission configuration to all users because doing so goes against security best practices.

  6. In the Permissions drop-down box, select one or more permissions.

    Caution: Adding the Can Edit permission to your permission configuration along with the Can View or Can Scan permission allows assigned users to change the scope of the assets they can view and scan. Tenable recommends that you combine the Can Edit permission with the Can View or Can Scan permission only for administrator users.

    Note: If you select the Can Edit permission, Tenable Web App Scanning automatically adds the Can Use permission.

  7. In the Objects drop-down box, select one or more objects to which to apply the permission configuration.

    Note: The objects in the drop-down box are previously created tags that identify and define your assets. For more information, see Permissions.

    Tip: You can select All Assets to allow users and groups to view or scan all the assets on your instance, regardless of whether the assets match any existing objects. You can also select All Tags to allow users and groups on your instance to edit or use all objects on your instance. For more information about objects, see Permissions.

  8. Click Save.

    A confirmation message appears.

    Tenable Web App Scanning saves your changes. The permission configuration appears on the Permissions tab.
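
The caution in step 6 and the All Users note in step 5 can be checked after the fact against saved permission configurations. The following Python is an added example, not Tenable code: it assumes each configuration is available as a record (for example, parsed from a JSON export) with the hypothetical fields name, users, groups, permissions and objects, and that the caller supplies the names of administrator users.

```python
# Added example, not Tenable code. The record fields (name, users, groups,
# permissions, objects) are assumed; adjust them to match your own data.
ADMIN_GROUP = "Administrator"  # Tenable-provided group named on this page
ALL_USERS = "All Users"        # Tenable-provided group named on this page
SCOPE_PERMS = {"Can View", "Can Scan"}


def audit_permission(config, admin_users=()):
    """Return the findings for one permission configuration record."""
    # .get() with defaults: a record may omit fields that are empty.
    perms = set(config.get("permissions", []))
    groups = set(config.get("groups", []))
    users = set(config.get("users", []))
    findings = []

    if ALL_USERS in groups:
        findings.append("assigned to All Users")

    # Can Edit plus Can View/Can Scan lets assignees change the scope of
    # the assets they can view and scan, so only administrators should hold it.
    scoped = sorted(perms & SCOPE_PERMS)
    if "Can Edit" in perms and scoped:
        holders = sorted(users - set(admin_users)) + sorted(groups - {ADMIN_GROUP})
        if holders:
            findings.append("Can Edit with %s held by non-administrators: %s"
                            % ("/".join(scoped), ", ".join(holders)))
    return findings


def audit_all(configs, admin_users=()):
    """Map configuration name to findings, omitting clean configurations."""
    report = {}
    for config in configs:
        findings = audit_permission(config, admin_users)
        if findings:
            report[config.get("name", "<unnamed>")] = findings
    return report


# Constructed sample records, not real export data.
SAMPLE = [
    {"name": "web-team-scan", "users": ["alice"],
     "permissions": ["Can View", "Can Scan"], "objects": ["Team:Web"]},
    {"name": "everyone-view", "groups": ["All Users"],
     "permissions": ["Can View"], "objects": ["All Assets"]},
    {"name": "tag-owners", "users": ["bob", "carol"], "groups": ["Administrator"],
     "permissions": ["Can Edit", "Can Use", "Can Scan"], "objects": ["Env:Prod"]},
]
```

Calling audit_all(SAMPLE, admin_users={"carol"}) reports the two configurations that match the note and the caution and leaves web-team-scan out.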

Add a Permission Configuration to a User or Group

Before you begin:

To add a permission configuration to a user or group:

  1. Access the Access Control page.

  2. Do one of the following:

    • To add a permission configuration to a user:

      1. Click the Users tab.

        The Users tab appears. This tab contains a list of all the users on your Tenable Web App Scanning instance.

      2. In the users table, click the user to which you want to add a permission configuration.

        The Edit User page appears.

      3. In the Permissions section, at the top of the table, click Add Permissions.

        The Add Permissions window appears.

      4. Select the check box next to one or more permission configurations.

      5. Click Add.

        The permission configuration appears in the Permissions table on the Edit User page.

    • To add a permission configuration to a user group:

      1. Click the Groups tab.

        The Groups tab appears. This tab contains a list of all the user groups on your Tenable Web App Scanning instance.

      2. In the groups table, click the group to which you want to add a permission configuration.

        The Edit User Group page appears.

      3. In the Permissions section, at the top of the table, click Add Permissions.

        The Add Permissions window appears.

      4. Select the check box next to one or more permission configurations.

      5. Click Add.

        The permission configuration appears in the Permissions table on the Edit User Group page.

  3. Click Save.

    Tenable Web App Scanning saves your changes and adds the permission configuration to the user or group.

Edit a Permission Configuration

To edit a permission configuration:

  1. Access the Permissions page.

  2. In the table, click the permission configuration you want to edit.

    The Permission Details page appears.

  3. (Optional) In the Permission Name box, type a new name for the permission configuration.

  4. (Optional) Add or remove users or user groups.

  5. (Optional) Add or remove a permission:

    Caution: Adding the Can Edit permission to your permission configuration along with the Can View or Can Scan permission allows the users selected in the permission configuration to change the scope of the assets they can view and scan. Tenable recommends that you combine the Can Edit permission with the Can View or Can Scan permission only for administrator users.

    Note: If you select the Can Edit permission, Tenable Web App Scanning automatically adds the Can Use permission.

    Note: You cannot assign permissions to users or groups for a given object that overlap with permissions assigned to them via another permission configuration. For example, if you selected the Can Edit permission for an object, but a user listed under Users already has the ability to edit that object based on an existing permission configuration, Tenable Web App Scanning generates an error message and prevents you from saving the current permission configuration until you modify your selections to remove the redundancy.

    1. To add a permission, in the Permissions drop-down box, select one or more permissions.

    2. To remove a permission, in the Permissions drop-down box, click the button next to each permission you want to remove.

  6. (Optional) Add or remove an object.

    1. To add an object, in the Objects drop-down box, select one or more objects.

    2. To remove an object, in the Objects drop-down box, click the button next to each object you want to remove.

  7. Click Save.

    Tenable Web App Scanning saves your changes. The updated permission configuration appears on the Permissions tab.

Export Permission Configurations

On the Permissions page, you can export one or more permission configurations in CSV or JSON format.

To export your permission configurations:

  1. Access the Permissions page.

  2. (Optional) Refine the table data. For more information, see Tables.

  3. Do one of the following:

    • To export a single permission configuration:

      1. In the permission configurations table, right-click the row for the permission configuration you want to export.

        The action options appear next to your cursor.

        -or-

        In the permission configurations table, in the Actions column, click the button in the row for the permission configuration you want to export.

        The action buttons appear in the row.

      2. Click Export.

    • To export multiple permission configurations:

      1. In the permission configurations table, select the check box for each permission configuration you want to export.

        The action bar appears at the top of the table.

      2. In the action bar, click More.

        A menu appears.

      3. Click Export.

        Note: You can individually select and export up to 200 permission configurations. If you want to export more than 200 permission configurations, you must select all the permission configurations on your Tenable Web App Scanning instance by selecting the check box at the top of the permission configurations table and then click Export.

    The Export panel appears.

  4. In the Name box, type a name for the export file.
  5. Click the export format you want to use:

    • CSV: A CSV text file that contains a list of permission configurations.

      Note: If your .csv export file includes a cell that begins with any of the following characters (=, +, -, @), Tenable Web App Scanning automatically inputs a single quote (') at the beginning of the cell. For more information, see the related knowledge base article.

    • JSON: A JSON file that contains a nested list of permission configurations. Empty fields are not included in the JSON file.

  6. (Optional) Deselect any fields you do not want to appear in the export file.

  7. In the Expiration box, type the number of days before the export file expires.

    Note: Tenable Web App Scanning allows you to set a maximum of 30 calendar days for export expiration.

  8. (Optional) To set a schedule for your export to repeat:

    • Click the Schedule toggle.

      The Schedule section appears.

    • In the Start Date and Time section, select the date and time on which you want the export schedule to start.
    • In the Time Zone drop-down box, select the time zone to which you want the schedule to adhere.
    • In the Repeat drop-down box, select how often you want the export to repeat.
    • In the Repeat Ends drop-down, select the date on which you want the schedule to end.
      Note: If you select never, the schedule repeats until you modify or delete the export schedule.
  9. (Optional) To send email notifications on completion of the export:

    Note: You can enable email notifications with or without scheduling exports.
    • Click the Email Notification toggle.

      The Email Notification section appears.

    • In the Add Recipients box, type the email addresses to which you want to send the export notification.

    • (Required) In the Password box, type a password for the export file. You must share this password with the recipients to allow them to download the file.

      Note: Tenable Web App Scanning sends an email to the recipients. The recipients can download the file from the link in the email by providing the correct password.
  10. Click Export.

    Tenable Web App Scanning begins processing the export. Depending on the size of the exported data, Tenable Web App Scanning may take several minutes to process the export.

    When processing completes, Tenable Web App Scanning downloads the export file to your computer. Depending on your browser settings, your browser may notify you that the download is complete.

  11. Access the export file via your browser's downloads directory. If you close the export panel before the download finishes, then you can access your export file in the Export Management View.
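
The CSV note in step 5 describes a prefix rule that keeps spreadsheet applications from evaluating exported cells as formulas. The Python below is an added example, not Tenable code: it applies the same rule when you write your own CSV reports and checks CSV text for cells that still begin with one of the four listed characters. The function names and sample rows are constructed for illustration.

```python
import csv
import io

FORMULA_TRIGGERS = ("=", "+", "-", "@")  # characters listed in the CSV note


def neutralize_cell(value):
    """Prefix a single quote when a cell starts with a trigger character."""
    text = str(value)
    return "'" + text if text.startswith(FORMULA_TRIGGERS) else text


def write_rows(rows):
    """Serialize rows to CSV text with every cell neutralized."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Return (row, column, value) for cells a spreadsheet could evaluate."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for c, cell in enumerate(row, start=1):
            if cell.startswith(FORMULA_TRIGGERS):
                hits.append((r, c, cell))
    return hits


# Constructed sample rows: a header, one permission name per trigger
# character, and one ordinary name. Column names are hypothetical.
ROWS = [
    ["name", "permissions"],
    ["=1+1", "Can View"],
    ["+scan-team", "Can Scan"],
    ["-legacy", "Can View"],
    ["@ops", "Can Use"],
    ["web-team", "Can View"],
]

RAW = "\n".join(",".join(row) for row in ROWS) + "\n"  # written without the rule
SAFE = write_rows(ROWS)                                # written with the rule
```

Anything that parses the neutralized file sees the leading quote as part of the value, so a name such as -legacy arrives as '-legacy and must be compared accordingly.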

Remove a Permission Configuration from a User or Group

Note: You cannot remove a permission configuration from the Tenable-provided Administrator or All Users user groups.

To remove a permission configuration from a user:

  1. Do one of the following:

    • Remove the permission configuration via the Users page:

      1. Access the Users page.

      2. In the users table, click the user from which you want to remove a permission configuration.

        The Edit User page appears.

      3. In the Permissions table, in the Actions column, click the More button next to the permission configuration you want to remove.

      4. Click the Remove button.

        Tenable Web App Scanning removes the permission configuration from the user.

      5. (Optional) Repeat for each user from which you want to remove a permission configuration.

    • Remove the permission via the Permissions page:

      1. Access the Permissions page.

      2. In the table, click the permission configuration you want to remove.

        The Permission Details page appears.

      3. In the Users section, click the button next to each user from which you want to remove the permission configuration.

        Tenable Web App Scanning removes the permission configuration from the Users list.

  2. Click Save.

    Tenable Web App Scanning saves your changes and removes the permission from the user.

To remove a permission configuration from a user group:

  1. Do one of the following:

    • Remove the permission configuration via the Groups tab:

      1. Access the User Groups page.

      2. In the user groups table, click the group from which you want to remove a permission configuration.

        The Edit User Group page appears.

      3. In the Permissions table, in the Actions column, click the More button next to the permission configuration you want to remove.

        A menu appears.

      4. Click Remove.

        Tenable Web App Scanning removes the permission configuration from the user group.

      5. (Optional) Repeat for each user group from which you want to remove a permission configuration.

    • Remove the permission configuration via the Permissions tab:

      1. Access the Permissions page.

      2. In the table, click the permission you want to remove.

        The Permission Details page appears.

      3. In the Groups section, click the button next to each user group from which you want to remove the permission configuration.

        Tenable Web App Scanning removes the permission configuration from the Groups list.

  2. Click Save.

    Tenable Web App Scanning saves your changes and removes the permission from the group.

Delete a Permission Configuration

Note: You cannot delete the default permission configuration.

  1. Access the Permissions page.

  2. In the table, in the Actions column, click the More button next to the permission configuration you want to delete.

    A menu appears.

  3. Click Delete.

    Tenable Web App Scanning deletes the permission configuration.