Permissions

Tenable Vulnerability Management uses the following permission types:

Scan Permissions

| Name | Value | Description |
| --- | --- | --- |
| No Access | 0 | Users assigned this permission for a scan cannot view, control, or configure the scan. As a result, the scan does not appear for the user in the Vulnerability Management user interface, and the user cannot access the scan using the scans API. |
| Can View | 16 | Users and groups assigned this permission can view the results of the scan, export scan results, and move the scan to the trash folder. As a result, the scan appears for the user in the Vulnerability Management user interface, and the user can access the scan using the scans API. Users assigned this permission cannot view the scan configuration or permanently delete the scan. |
| Can Execute | 32 | In addition to the tasks allowed by the Can View permission, users and groups assigned the Can Execute permission can launch, pause, and stop a scan. Users assigned this permission cannot view the scan configuration or permanently delete the scan. |
| Can Edit | 64 | In addition to the tasks allowed by the Can Execute permission, users and groups assigned the Can Edit permission can view the scan configuration, modify any setting for the scan except scan ownership, and permanently delete the scan. |
| Owner | 128 | The user assigned this permission owns the scan. The owner can modify any setting for the scan, including scan ownership. |
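The scan permission levels are cumulative, so a least-privilege review can compare each grant against an approved ceiling and list the extra tasks it allows. The following is an added example, not Tenable code: the capability names, the ACL entry shape (`principal`, `permissions`) and the sample data are constructed for illustration, and Owner is assumed to include everything Can Edit allows.

```python
# Values and tasks transcribed from the Scan Permissions table.
SCAN_LEVELS = {0: "No Access", 16: "Can View", 32: "Can Execute",
               64: "Can Edit", 128: "Owner"}

# Tasks each level adds on top of the level below it (names are illustrative).
ADDED_AT = {
    16: {"view_results", "export_results", "move_to_trash"},
    32: {"launch", "pause", "stop"},
    64: {"view_config", "modify_settings", "delete_permanently"},
    128: {"change_ownership"},  # assumption: Owner also keeps all Can Edit tasks
}

def capabilities(value):
    """Return the set of tasks a scan permission value allows."""
    if value not in SCAN_LEVELS:
        raise ValueError(f"not a documented scan permission value: {value}")
    caps = set()
    for level, added in ADDED_AT.items():
        if value >= level:
            caps |= added
    return caps

def audit(acl, approved):
    """Compare each grant with its approved ceiling (default: No Access).

    Returns (principal, granted level, excess tasks) for every grant that
    exceeds its ceiling or carries an undocumented value.
    """
    findings = []
    for entry in acl:
        who, value = entry["principal"], entry["permissions"]
        if value not in SCAN_LEVELS:
            findings.append((who, f"unknown value {value}", []))
            continue
        excess = capabilities(value) - capabilities(approved.get(who, 0))
        if excess:
            findings.append((who, SCAN_LEVELS[value], sorted(excess)))
    return findings

# Constructed sample data, not output from the scans API.
SAMPLE_ACL = [
    {"principal": "alice", "permissions": 128},
    {"principal": "soc-analysts", "permissions": 64},
    {"principal": "helpdesk", "permissions": 16},
    {"principal": "contractor", "permissions": 48},
]
APPROVED = {"alice": 128, "soc-analysts": 32, "helpdesk": 16}

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACL, APPROVED):
        print(finding)
```
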

Scan Template (Policy) Permissions

| Name | Value | Description |
| --- | --- | --- |
| No Access | 0 | Users assigned this permission cannot view or use the scan template (policy). As a result, this scan template does not appear for the user in the Vulnerability Management user interface, and the user cannot access the scan template using the policies API. |
| Can View | 16 | Users and groups assigned this permission can view the scan template and use it to create scans. |
| Can Execute | 32 | In addition to the tasks allowed by the Can View permission, users assigned the Can Execute permission can modify any setting for the scan template except permissions. |
| Can Edit | 64 | In addition to the tasks allowed by the Can Execute permission, users assigned the Can Edit permission can modify any setting for the scan template except scan template ownership. |
| Owner | 128 | The user assigned this permission owns the scan template. The owner can modify any setting for the scan template, including scan template ownership. |

Credential Permissions

| Name | Value | Description |
| --- | --- | --- |
| Can Use | 32 | Users assigned this permission can use the managed credential in a scan, but cannot edit managed credential configuration. |
| Can Edit | 64 | In addition to Can Use privileges, users assigned this permission can view and edit settings for the managed credential and can delete the managed credential. |

Scanner Permissions

| Name | Value | Description |
| --- | --- | --- |
| No Access | 0 | Users assigned this permission cannot use the scanner. As a result, this scanner does not appear for the user in the Vulnerability Management user interface, and the user cannot access the scanner using the scanners API. |
| Can Use | 16 | Users assigned this permission can use the scanner. |
| Can Manage | 64 | Users assigned this permission can manage the scanner. |

Agent Permissions

| Name | Value | Description |
| --- | --- | --- |
| No Access | 0 | Users assigned this permission cannot use the agent group in agent scans. As a result, this agent group does not appear for the user in the Vulnerability Management user interface, and the user cannot access the agent group using the agent-groups API. |
| Can Use | 16 | Users assigned this permission can use the agent group in agent scans. |