Roles

The following methods allow for interaction with the Tenable Security Center Roles API. These items are typically seen under the User Roles section of Tenable Security Center.

Methods available on sc.roles:

class RoleAPI(api: restfly.session.APISession)
create(name, **kw)

Creates a role.

role: create

Parameters
  • name (str) – The name of the new role to create.

  • description (str, optional) – A description for the role to be created.

  • can_agent_scan (bool, optional) – Are members of this role allowed to perform agent scans? If left unspecified, the default is False.

  • can_feed_update (bool, optional) – Are members of this role allowed to perform feed updates? If left unspecified, the default is False.

  • can_import_scan (bool, optional) – Are members of this role allowed to import scans? If left unspecified, the default is False.

  • can_scan (str, optional) – Are members of this role allowed to perform scans? Accepted values are full, policy, and none. If left unspecified, the default is none.

  • can_share (bool, optional) – Are members of this role allowed to share objects with other groups? If left unspecified, the default is False.

  • can_view_logs (bool, optional) – Are members of this role allowed to view the organizational logs from Tenable Security Center? If left unspecified, the default is False.

  • create_alerts (bool, optional) – Are members of this role allowed to create alerts? If left unspecified, the default is False.

  • create_auditfiles (bool, optional) – Are members of this role allowed to create their own audit files? If left unspecified, the default is False.

  • create_ldap_assets (bool, optional) – Are members of this role allowed to create LDAP Query Asset Lists? If left unspecified, the default is False.

  • create_policies (bool, optional) – Are members of this role allowed to create scan policies? If left unspecified, the default is False.

  • create_tickets (bool, optional) – Are members of this role allowed to create tickets? If left unspecified, the default is False.

  • manage_accepted_risk_rules (bool, optional) – Are members of this role allowed to manage accepted risk rules? If left unspecified, the default is False.

  • manage_attributes (bool, optional) – Are members of this role allowed to manage attribute sets? If left unspecified, the default is False.

  • manage_blackout_windows (bool, optional) – Are members of this role allowed to manage scanning blackout windows? If left unspecified, the default is False.

  • manage_groups (bool, optional) – Are members of this role allowed to manage user groups? If left unspecified, the default is False.

  • manage_images (bool, optional) – Are members of this role allowed to manage report images? If left unspecified, the default is False.

  • manage_recast_risk_rules (bool, optional) – Are members of this role allowed to manage recast risk rules? If left unspecified, the default is False.

  • manage_relationships (bool, optional) – Are members of this role allowed to manage the user group relationships? If left unspecified, the default is False.

  • manage_roles (bool, optional) – Are members of this role allowed to manage group role configurations? If left unspecified, the default is False.

Returns

The newly created role.

Return type

dict

Examples

>>> role = sc.roles.create('Example Role',
...     can_scan='full', can_import_scan=True)
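
One way to guard calls to create(), as an added example that is not part of pyTenable or of this page: it checks keyword names and value types against the parameter list above and holds back roles that grant group or role management until they are reviewed. BOOL_PERMS, SCAN_LEVELS, REVIEW_REQUIRED and the three function names are hypothetical, and sc is assumed to be an already authenticated Tenable Security Center session.

```python
# Added example, not pyTenable code. Parameter names and accepted values come
# from the create() parameter list; REVIEW_REQUIRED is an assumed local policy.
BOOL_PERMS = {
    "can_agent_scan", "can_feed_update", "can_import_scan", "can_share",
    "can_view_logs", "create_alerts", "create_auditfiles", "create_ldap_assets",
    "create_policies", "create_tickets", "manage_accepted_risk_rules",
    "manage_attributes", "manage_blackout_windows", "manage_groups",
    "manage_images", "manage_recast_risk_rules", "manage_relationships",
    "manage_roles",
}
SCAN_LEVELS = ("full", "policy", "none")
# Assumption: grants that change who may do what need a second reviewer.
REVIEW_REQUIRED = {"manage_roles", "manage_groups", "manage_relationships"}


def build_role_kwargs(description=None, **perms):
    """Validate permissions and return keyword arguments for create()."""
    kwargs = {} if description is None else {"description": str(description)}
    for key, value in perms.items():
        if key == "can_scan":
            # Documented as a string; a bare True/False is rejected here.
            if not isinstance(value, str) or value not in SCAN_LEVELS:
                raise ValueError(f"can_scan must be one of {SCAN_LEVELS}, got {value!r}")
        elif key not in BOOL_PERMS:
            # Catches misspelled keywords before they reach the API.
            raise KeyError(f"unknown role permission: {key}")
        elif not isinstance(value, bool):
            raise TypeError(f"{key} must be a bool, got {value!r}")
        kwargs[key] = value
    return kwargs


def needs_review(kwargs):
    """Return the granted permissions that fall in REVIEW_REQUIRED, sorted."""
    return sorted(k for k in REVIEW_REQUIRED if kwargs.get(k) is True)


def create_role(sc, name, reviewed=False, **perms):
    """Call sc.roles.create() only after validation and any required sign-off."""
    kwargs = build_role_kwargs(**perms)
    flagged = needs_review(kwargs)
    if flagged and not reviewed:
        raise PermissionError(f"{name!r} grants {flagged}; pass reviewed=True after sign-off")
    return sc.roles.create(name, **kwargs)
```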

delete(id)

Removes a role.

role: delete

Parameters

id (int) – The numeric identifier for the role to remove.

Returns

An empty response.

Return type

str

Examples

>>> sc.roles.delete(1)

details(id, fields=None)

Returns the details for a specific role.

role: details

Parameters
  • id (int) – The identifier for the role.

  • fields (list, optional) – A list of attributes to return.

Returns

The role resource record.

Return type

dict

Examples

>>> from pprint import pprint
>>> role = sc.roles.details(1)
>>> pprint(role)

edit(id, **kw)

Edits a role.

role: edit

Parameters
  • id (int) – The numeric identifier for the role.

  • name (str, optional) – The name of the new role to create.

  • description (str, optional) – A description for the role to be created.

  • can_agent_scan (bool, optional) – Are members of this role allowed to perform agent scans? If left unspecified, the default is False.

  • can_feed_update (bool, optional) – Are members of this role allowed to perform feed updates? If left unspecified, the default is False.

  • can_import_scan (bool, optional) – Are members of this role allowed to import scans? If left unspecified, the default is False.

  • can_scan (bool, optional) – Are members of this role allowed to perform scans? If left unspecified, the default is False.

  • can_share (bool, optional) – Are members of this role allowed to share objects with other groups? If left unspecified, the default is False.

  • can_view_logs (bool, optional) – Are members of this role allowed to view the organizational logs from Tenable Security Center? If left unspecified, the default is False.

  • create_alerts (bool, optional) – Are members of this role allowed to create alerts? If left unspecified, the default is False.

  • create_auditfiles (bool, optional) – Are members of this role allowed to create their own audit files? If left unspecified, the default is False.

  • create_ldap_assets (bool, optional) – Are members of this role allowed to create LDAP Query Asset Lists? If left unspecified, the default is False.

  • create_policies (bool, optional) – Are members of this role allowed to create scan policies? If left unspecified, the default is False.

  • create_tickets (bool, optional) – Are members of this role allowed to create tickets? If left unspecified, the default is False.

  • manage_accepted_risk_rules (bool, optional) – Are members of this role allowed to manage accepted risk rules? If left unspecified, the default is False.

  • manage_attributes (bool, optional) – Are members of this role allowed to manage attribute sets? If left unspecified, the default is False.

  • manage_blackout_windows (bool, optional) – Are members of this role allowed to manage scanning blackout windows? If left unspecified, the default is False.

  • manage_groups (bool, optional) – Are members of this role allowed to manage user groups? If left unspecified, the default is False.

  • manage_images (bool, optional) – Are members of this role allowed to manage report images? If left unspecified, the default is False.

  • manage_recast_risk_rules (bool, optional) – Are members of this role allowed to manage recast risk rules? If left unspecified, the default is False.

  • manage_relationships (bool, optional) – Are members of this role allowed to manage the user group relationships? If left unspecified, the default is False.

  • manage_roles (bool, optional) – Are members of this role allowed to manage group role configurations? If left unspecified, the default is False.

Returns

The newly updated role.

Return type

dict

Examples

>>> role = sc.roles.edit(1, name='Example Role')

list(fields=None)

Retrieves the list of role definitions.

role: list

Parameters

fields (list, optional) – A list of attributes to return for each role.

Returns

A list of role resources.

Return type

list

Examples

>>> from pprint import pprint
>>> for role in sc.roles.list():
...     pprint(role)