DocumentationAPI ExplorerRecipesConnectChangelogRSSSubscribe
API Explorer

Update access group

put deprecated
https://cloud.tenable.com/v2/access-groups/

Modifies an access group. This method overwrites the existing data.

Caution: Access groups were deprecated in Tenable Vulnerability Management on February 4th, 2022. Tenable recommends that customers use access control instead to manage user and group access to resources in Tenable Vulnerability Management. Please update any existing integrations that your organization has. For more information about access control, see Access Control in the Tenable Vulnerability Management User Guide.

Requires the Administrator [64] user role. See Roles.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Path Params
string
required

The UUID for the access group you want to modify.

Body Params
string

The name of the access group you want to modify.

string
enum

The type of access group. It can be one of three possible types:

  • MANAGE_ASSETS—Users in this access group can view the asset records created during previous scans and scan the associated targets for those assets.
  • SCAN_TARGETS—Users in this access group can scan targets associated with the access group and view the results of those scans. Targets may be associated with existing assets.
  • ALL—This access group type is only applicable to the default system-generated "All Assets" access group that contains all assets in your organization. This group is referred to as the "All Assets" group in the user interface. By default, Tenable Vulnerability Management grants all users in this access group both CAN VIEW and CAN SCAN permissions.
Allowed:
boolean

Specifies whether assets in the access group can be viewed by all or only some users in your organization:

  • If true, all users in your organization have Can View access to the assets defined in the rules parameter. Tenable Vulnerability Management ignores any principal parameters in your request.
  • If false, only specified users have Can View access to the assets defined in the rules parameter. You define which users or user groups have access in the principals parameter of the request.

If you omit this parameter, Tenable Vulnerability Management sets the parameter to false by default.

boolean

Specifies whether the access group you want to modify is the All Assets group or a user-defined group:

  • If you want to refine membership in the All Assets access group (the only change you can make to the All Assets group), this parameter must be true. Tenable Vulnerability Management ignores any rules parameters in your request, but overwrrites existing principals parameters with those in the request based on the all_users and principals parameters in the request.
  • If you want to modify a user-defined access group, this parameter must be false. Tenable Vulnerability Management overwrites the existing rules parameters with the rules parameters you specify in this request, and overwrites existing principals parameters based on the all_users and principals parameters in the request.
principals
array of objects

An array of principals. Each principal represents a user or user group assigned to the access group. You cannot add an access group as a principal to another access group.

principals
rules
array of objects

An array of asset rules. Tenable Vulnerability Management uses these rules to assign assets to the access group. You can specify a maximum of 1,000 rules for an individual access group. If you specify multiple rules for an access group, Tenable Vulnerability Management assigns an asset to the access group if the asset matches any of the rules. You can only add rules to access groups if the all_assets parameter is set to false.

Note: When configuring rules for an access_group_type of SCAN_TARGETS, the asset attribute type (rules.type) must match the target format used in the related scan. For example, if a SCAN_TARGETS type access group rule filters on the FQDN/Hostname attribute, the related scan succeeds if the scan target is specified in FQDN or hostname format, but fails if the scan target is specified in IPv4 address format.

rules
Headers
string
enum
Defaults to application/json

Generated from available response content types

Allowed:
Responses

400

Returned if Tenable Vulnerability Management encountered any of the following error conditions:

  • incomplete—the body of your request did not include the required fields.
  • duplicate—an access group with the name you specified already exists.
  • protected—you attempted to update an access group where the all_assets parameter is set to true, and you cannot update the system-provided All Assets access group.
403

Returned if you do not have sufficient permissions to modify access groups.

Updated 29 days ago

Language
Credentials
Header
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json
text/html

Updated 29 days ago