Roles

The following methods allow for interaction with the Tenable Security Center Roles API. These items are typically seen under the User Roles section of Tenable Security Center.

Methods available on sc.roles:

class RoleAPI(api: APISession)
create(name, **kw)

Creates a role.

role: create

Parameters:
  • name (str) – The name of the new role to create.

  • description (str, optional) – A description for the role to be created.

  • can_agent_scan (bool, optional) – Are members of this role allowed to perform agent scans? If left unspecified, the default is False.

  • can_feed_update (bool, optional) – Are members of this role allowed to perform feed updates? If left unspecified, the default is False.

  • can_import_scan (bool, optional) – Are members of this role allowed to import scans? If left unspecified, the default is False.

  • can_scan (str, optional) – Are members of this role allowed to perform scans? Accepted values are full, policy, and none. If left unspecified, the default is none.

  • can_share (bool, optional) – Are members of this role allowed to share objects with other groups? If left unspecified, the default is False.

  • can_view_logs (bool, optional) – Are members of this role allowed to view the organizational logs from Tenable Security Center? If left unspecified, the default is False.

  • create_alerts (bool, optional) – Are members of this role allowed to create alerts? If left unspecified, the default is False.

  • create_auditfiles (bool, optional) – Are members of this role allowed to create their own audit files? If left unspecified, the default is False.

  • create_ldap_assets (bool, optional) – Are members of this role allowed to create LDAP Query Asset Lists? If left unspecified, the default is False.

  • create_policies (bool, optional) – Are members of this role allowed to create scan policies? If left unspecified, the default is False.

  • create_tickets (bool, optional) – Are members of this role allowed to create tickets? If left unspecified, the default is False.

  • manage_accepted_risk_rules (bool, optional) – Are members of this role allowed to manage accepted risk rules? If left unspecified, the default is False.

  • manage_attributes (bool, optional) – Are members of this role allowed to manage attribute sets? If left unspecified, the default is False.

  • manage_blackout_windows (bool, optional) – Are members of this role allowed to manage scanning blackout windows? If left unspecified, the default is False.

  • manage_groups (bool, optional) – Are members of this role allowed to manage user groups? If left unspecified, the default is False.

  • manage_images (bool, optional) – Are members of this role allowed to manage report images? If left unspecified, the default is False.

  • manage_recast_risk_rules (bool, optional) – Are members of this role allowed to manage recast risk rules? If left unspecified, the default is False.

  • manage_relationships (bool, optional) – Are members of this role allowed to manage the user group relationships? If left unspecified, the default is False.

  • manage_roles (bool, optional) – Are members of this role allowed to manage group role configurations? If left unspecified, the default is False.

Returns:

The newly created role.

Return type:

dict

Examples

>>> role = sc.roles.create('Example Role',
...     can_scan='full', can_import_scan=True)
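
Because every permission is passed as a free-form keyword, a role definition can be checked against the parameter list above before it is sent. The following is an added example, not part of the library or of the original page; `validate_role`, `create_role_checked` and the `REVIEW_REQUIRED` set are hypothetical names, and treating the three listed `manage_*` permissions as needing sign-off is an assumption.

```python
# Added example: validate a role definition against the create() parameters
# documented on this page before calling sc.roles.create().
BOOL_PARAMS = {
    'can_agent_scan', 'can_feed_update', 'can_import_scan', 'can_share',
    'can_view_logs', 'create_alerts', 'create_auditfiles',
    'create_ldap_assets', 'create_policies', 'create_tickets',
    'manage_accepted_risk_rules', 'manage_attributes',
    'manage_blackout_windows', 'manage_groups', 'manage_images',
    'manage_recast_risk_rules', 'manage_relationships', 'manage_roles',
}
CAN_SCAN_VALUES = {'full', 'policy', 'none'}
# Assumption (not from the page): permissions that change who may do what,
# so granting them should require explicit approval.
REVIEW_REQUIRED = {'manage_roles', 'manage_groups', 'manage_relationships'}


def validate_role(name, **kw):
    """Return (errors, review) for a role definition, both as sorted lists."""
    errors, review = [], []
    if not isinstance(name, str) or not name.strip():
        errors.append('name: must be a non-empty string')
    for key, value in kw.items():
        if key == 'description':
            if not isinstance(value, str):
                errors.append('description: must be a string')
        elif key == 'can_scan':
            if not isinstance(value, str) or value not in CAN_SCAN_VALUES:
                errors.append("can_scan: must be 'full', 'policy' or 'none'")
        elif key in BOOL_PARAMS:
            if not isinstance(value, bool):
                errors.append(f'{key}: must be a bool')
            elif value and key in REVIEW_REQUIRED:
                review.append(key)
        else:
            # Catches misspelled keywords before they reach the API.
            errors.append(f'{key}: not a documented parameter')
    return sorted(errors), sorted(review)


def create_role_checked(sc, name, approved=(), **kw):
    """Call sc.roles.create() only when the definition is valid and every
    review-required grant is named in `approved`."""
    errors, review = validate_role(name, **kw)
    unapproved = [p for p in review if p not in approved]
    if errors or unapproved:
        raise ValueError({'errors': errors, 'unapproved': unapproved})
    return sc.roles.create(name, **kw)
```
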
delete(id)

Removes a role.

role: delete

Parameters:

id (int) – The numeric identifier for the role to remove.

Returns:

An empty response.

Return type:

str

Examples

>>> sc.roles.delete(1)
details(id, fields=None)

Returns the details for a specific role.

role: details

Parameters:
  • id (int) – The identifier for the role.

  • fields (list, optional) – A list of attributes to return.

Returns:

The role resource record.

Return type:

dict

Examples

>>> from pprint import pprint
>>> role = sc.roles.details(1)
>>> pprint(role)
edit(id, **kw)

Edits a role.

role: edit

Parameters:
  • id (int) – The numeric identifier for the role.

  • name (str, optional) – The name of the role.

  • description (str, optional) – A description for the role.

  • can_agent_scan (bool, optional) – Are members of this role allowed to perform agent scans? If left unspecified, the default is False.

  • can_feed_update (bool, optional) – Are members of this role allowed to perform feed updates? If left unspecified, the default is False.

  • can_import_scan (bool, optional) – Are members of this role allowed to import scans? If left unspecified, the default is False.

  • can_scan (bool, optional) – Are members of this role allowed to perform scans? If left unspecified, the default is False.

  • can_share (bool, optional) – Are members of this role allowed to share objects with other groups? If left unspecified, the default is False.

  • can_view_logs (bool, optional) – Are members of this role allowed to view the organizational logs from Tenable Security Center? If left unspecified, the default is False.

  • create_alerts (bool, optional) – Are members of this role allowed to create alerts? If left unspecified, the default is False.

  • create_auditfiles (bool, optional) – Are members of this role allowed to create their own audit files? If left unspecified, the default is False.

  • create_ldap_assets (bool, optional) – Are members of this role allowed to create LDAP Query Asset Lists? If left unspecified, the default is False.

  • create_policies (bool, optional) – Are members of this role allowed to create scan policies? If left unspecified, the default is False.

  • create_tickets (bool, optional) – Are members of this role allowed to create tickets? If left unspecified, the default is False.

  • manage_accepted_risk_rules (bool, optional) – Are members of this role allowed to manage accepted risk rules? If left unspecified, the default is False.

  • manage_attributes (bool, optional) – Are members of this role allowed to manage attribute sets? If left unspecified, the default is False.

  • manage_blackout_windows (bool, optional) – Are members of this role allowed to manage scanning blackout windows? If left unspecified, the default is False.

  • manage_groups (bool, optional) – Are members of this role allowed to manage user groups? If left unspecified, the default is False.

  • manage_images (bool, optional) – Are members of this role allowed to manage report images? If left unspecified, the default is False.

  • manage_recast_risk_rules (bool, optional) – Are members of this role allowed to manage recast risk rules? If left unspecified, the default is False.

  • manage_relationships (bool, optional) – Are members of this role allowed to manage the user group relationships? If left unspecified, the default is False.

  • manage_roles (bool, optional) – Are members of this role allowed to manage group role configurations? If left unspecified, the default is False.

Returns:

The newly updated role.

Return type:

dict

Examples

>>> role = sc.roles.edit(1, name='Example Role')
list(fields=None)

Retrieves the list of role definitions.

role: list

Parameters:

fields (list, optional) – A list of attributes to return for each role.

Returns:

A list of role resources.

Return type:

list

Examples

>>> from pprint import pprint
>>> for role in sc.roles.list():
...     pprint(role)