Create permission

Creates a permission that grants the specified actions to the specified subjects on the specified objects.

Note: The AllAssets object type is only compatible with CanView, CanScan, or empty actions. The Tag and AllTags object types are only compatible with CanUse and CanEdit actions.

Requires the Administrator [64] user role. See Roles.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Body Params
string
required

Specifies the name of the permission.

Note: The name must be unique, 255 characters or fewer, and alphanumeric. The following special characters are allowed: underscore, dash, parenthesis, brackets, and colon.

actions
array of strings
required

Specifies the actions to grant on the specified objects. Supported values depend on the object type:

  • CanScan — Users assigned this permission can scan assets or targets specified in the tag.
  • CanView — Users assigned this permission can view the assets and related vulnerabilities specified in the tag in aggregated scan results (workbenches/dashboards).
  • CanEdit — Users assigned this permission can edit the tag value. If you assign this permission to the All Users (Default) user group, all users can edit the tag value.
  • CanUse — Users assigned this permission can use the tag to scan the assets or targets specified in the tag and use the tag for filtering in aggregated scan results (workbenches/dashboards).
  • CanViewMssp — Grants permission to view MSSP-related data.
  • CanEditMssp — Grants permission to edit MSSP-related data.
  • CanImpersonateAdmin — Grants permission to impersonate an Administrator.
  • CanImpersonateScanManager — Grants permission to impersonate a Scan Manager.
  • CanImpersonateScanOperator — Grants permission to impersonate a Scan Operator.
actions*
objects
array of objects
required

Specifies the objects (tags or assets) to which the permission applies.

objects*
subjects
array of objects
required

Specifies the users or user groups to which the permission is granted.

subjects*
Headers
string
enum
Defaults to application/json

Generated from available response content types

Allowed:
Responses

400

Returned if your request specified invalid parameters or was improperly formatted. For example, if the AllAssets object type is used with incompatible actions, if required fields are missing, or if the permission name does not meet the naming requirements.

403

Returned if you do not have permission to create permissions. For more information, see Roles and Permissions.

Language
Credentials
Header
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json
text/html