added

Web App Scanning: Custom Role-Based Access Control

Tenable is pleased to announce the availability of custom role-based access control for Web App Scanning. A custom role is a set of privileges that lets you tailor user privileges and access to resources on your Tenable Web App Scanning instance to your organization's needs. You can now create custom roles and assign users to them, giving you more granular control over which users can access, modify, and execute WAS scans. For example, you can create WAS-only users to allow AppSec or Dev teams to access the Tenable One platform without giving them access to Vulnerability Management tools.

Updates to the API documentation:

  • A Roles documentation page was added to map user interface entities and actions to the role privilege string used by the WAS API.
  • The permission block in each WAS endpoint description, which lists the required roles and permissions, has been updated to include the required custom role privilege string.

For more information about custom roles, see Custom Roles in the Tenable Web App Scanning User Guide.