DocumentationAPI ExplorerRecipesConnectChangelogRSSSubscribe
API Explorer

Create permission

post
https://cloud.tenable.com/api/v3/access-control/permissions

Creates a permission.

Note: The AllAssets object type is only compatible with CanView, CanScan, or empty permissions. The Tag object type is only compatible with CanUse and CanEdit permissions.

Requires the Administrator [64] user role. See Roles.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Body Params
string
required

The name of the permission.

Note: The name must be unique, 255 characters or less, and alphanumeric. The following special characters are allowed: underscore, dash, parenthesis, brackets, and colon.

actions
array of strings
required

A list of actions to apply to the tags or the assets grouped by tags. Possible actions are CanScan, CanView, CanEdit, and CanUse.

  • CanScan—Users assigned this permission can scan assets or targets specified in the tag.
  • CanView—Users assigned this permission can view the assets and related vulnerabilities specified in the tag in aggregated scan results (workbenches/dashboards).
  • CanEdit—Users assigned this permission can edit the tag value. If you assign this permission to the All Users (Default) user group, all users can edit the tag value.
  • CanUse—Users assigned this permission can use the tag to scan the assets or targets specified in the tag and use the tag for filtering in aggregated scan results (workbenches/dashboards).

actions*
Allowed:
objects
array of objects
required

A list of objects (tags or assets) that will have the specified permission applied to them.

objects*
subjects
array of objects
required

A list of users or user groups that you want the permission applied to.

subjects*
Responses

400

Returned if Tenable Vulnerability Management encountered any of the following error conditions:

  • Incorrect actions: The AllAssets object type is only compatible with CanView, CanScan, or empty permissions. The Tag object type is only compatible with CanUse and CanEdit permissions.
  • Required fields are missing. Required fields are name, subjects, and objects.
  • The permission name doesn't meet the requirements.
403

Returned if you are not allowed to create permissions.

409

Returned if a permission with the same name already exists for your container.

Updated about 2 months ago

Language
Credentials
Header
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json

Updated about 2 months ago