Roles

The following methods allow for interaction into the Tenable.sc Roles API. These items are typically seen under the User Roles section of Tenable.sc.

Methods available on sc.roles:

class RoleAPI(api: restfly.session.APISession)[source]
create(name, **kw)[source]

Creates a role.

role: create

Parameters

  • name (str) – The name of the new role to create.

  • descrioption (str, optional) – A description for the role to be created.

  • can_agent_scan (bool, optional) – Are members of this role allowed to perform agent scans? If left unspecified the default is False.

  • can_feed_update (bool, optional) – Are members of this role allowed to perform feed updates? If left unspecified, the default is False.

  • can_import_scan (bool, optional) – Are members of this role allowed to import scans? If left unspecified, the default is False.

  • can_scan (str, optional) – Are members of this role allowed to perform scans? Accepted values are full, policy, and none. If left unspecified, the default is none.

  • can_share (bool, optional) – Are members of this role allowed to share objects with other groups? If left unspecified, the default is False.

  • can_view_logs (bool, optional) – Are members of this role allowed to view the organizational logs from Tenable.sc? If left unspecified, the default is False.

  • create_alerts (bool, optional) – Are members of this role allowed to create alerts? If left unspecified, the default is False.

  • create_auditfiles (bool, optional) – Are members of this role allowed to create their own audit files? If left unspecified, the default is False.

  • create_ldap_assets (bool, optional) – Are members of this role allowed to create LDAP Query Asset Lists? If left unspecified, the default is False.

  • create_policies (bool, optional) – Are members of this role allowed to create scan policies? If left unspecified, the default is False.

  • create_tickets (bool, optional) – Are members of this role allowed to create tickets? If left unspecified, the default is False.

  • manage_accepted_risk_rules (bool, optional) – Are members of this role allowed to manage accepted risk rules? If left unspecified, the default is False.

  • manage_attributes (bool, optional) – Are members of this role allowed to manage attribute sets? If left unspecified, the default is False.

  • manage_blackout_windows (bool, optional) – Are members of this role allowed to manage scanning blackout windows? If left unspecified, the default is False.

  • manage_groups (bool, optional) – Are members of this role allowed to manage user groups? If left unspecified, the default is False.

  • manage_images (bool, optional) – Are members of this role allowed to manage report images? If left unspecified, the default is False.

  • manage_recast_risk_rules (bool, optional) – Are members of this role allowed to manage recast risk rules? If left unspecified, the default is False.

  • manage_relationships (bool, optional) – Are members of this role allowed to manage the user group relationships? If left unspecified, the default is False.

  • manage_roles (bool, optional) – Are members of this role allowed to manage group role configurations? If left unspecified, the default is False.

Returns

The newly created role.

Return type

dict

Examples

>>> role = sc.roles.create('Example Role',
...     can_scan=True, can_import_scan=True)
delete(id)[source]

Removes a role.

role: delete

Parameters

id (int) – The numeric identifier for the role to remove.

Returns

An empty response.

Return type

str

Examples

>>> sc.roles.delete(1)
details(id, fields=None)[source]

Returns the details for a specific role.

role: details

Parameters

  • id (int) – The identifier for the role.

  • fields (list, optional) – A list of attributes to return.

Returns

The role resource record.

Return type

dict

Examples

>>> role = sc.roles.details(1)
>>> pprint(role)
edit(id, **kw)[source]

Edits a role.

role: edit

Parameters

  • id (int) – The numeric identifier for the role.

  • name (str, optional) – The name of the new role to create.

  • description (str, optional) – A description for the role to be created.

  • can_agent_scan (bool, optional) – Are members of this role allowed to perform agent scans? If left unspecified the default is False.

  • can_feed_update (bool, optional) – Are members of this role allowed to perform feed updates? If left unspecified, the default is False.

  • can_import_scan (bool, optional) – Are members of this role allowed to import scans? If left unspecified, the default is False.

  • can_scan (bool, optional) – Are members of this role allowed to perform scans? If left unspecified, the default is False.

  • can_share (bool, optional) – Are members of this role allowed to share objects with other groups? If left unspecified, the default is False.

  • can_view_logs (bool, optional) – Are members of this role allowed to view the organizational logs from Tenable.sc? If left unspecified, the default is False.

  • create_alerts (bool, optional) – Are members of this role allowed to create alerts? If left unspecified, the default is False.

  • create_auditfiles (bool, optional) – Are members of this role allowed to create their own audit files? If left unspecified, the default is False.

  • create_ldap_assets (bool, optional) – Are members of this role allowed to create LDAP Query Asset Lists? If left unspecified, the default is False.

  • create_policies (bool, optional) – Are members of this role allowed to create scan policies? If left unspecified, the default is False.

  • create_tickets (bool, optional) – Are members of this role allowed to create tickets? If left unspecified, the default is False.

  • manage_accepted_risk_rules (bool, optional) – Are members of this role allowed to manage accepted risk rules? If left unspecified, the default is False.

  • manage_attributes (bool, optional) – Are members of this role allowed to manage attribute sets? If left unspecified, the default is False.

  • manage_blackout_windows (bool, optional) – Are members of this role allowed to manage scanning blackout windows? If left unspecified, the default is False.

  • manage_groups (bool, optional) – Are members of this role allowed to manage user groups? If left unspecified, the default is False.

  • manage_images (bool, optional) – Are members of this role allowed to manage report images? If left unspecified, the default is False.

  • manage_recast_risk_rules (bool, optional) – Are members of this role allowed to manage recast risk rules? If left unspecified, the default is False.

  • manage_relationships (bool, optional) – Are members of this role allowed to manage the user group relationships? If left unspecified, the default is False.

  • manage_roles (bool, optional) – Are members of this role allowed to manage group role configurations? If left unspecified, the default is False.

Returns

The newly updated role.

Return type

dict

Examples

>>> role = sc.roles.create()
list(fields=None)[source]

Retrieves the list of role definitions.

role: list

Parameters

fields (list, optional) – A list of attributes to return for each role.

Returns

A list of role resources.

Return type

list

Examples

>>> for role in sc.roles.list():
...     pprint(role)