Roles¶
The following methods allow for interaction into the Tenable Security Center Roles API. These items are typically seen under the User Roles section of Tenable Security Center.
Methods available on sc.roles
:
- class RoleAPI(api: APISession)[source]¶
- create(name, **kw)[source]¶
Creates a role.
- Parameters:
name (str) – The name of the new role to create.
descrioption (str, optional) – A description for the role to be created.
can_agent_scan (bool, optional) – Are members of this role allowed to perform agent scans? If left unspecified the default is
False
.can_feed_update (bool, optional) – Are members of this role allowed to perform feed updates? If left unspecified, the default is
False
.can_import_scan (bool, optional) – Are members of this role allowed to import scans? If left unspecified, the default is
False
.can_scan (str, optional) – Are members of this role allowed to perform scans? Accepted values are full, policy, and none. If left unspecified, the default is none.
can_share (bool, optional) – Are members of this role allowed to share objects with other groups? If left unspecified, the default is
False
.can_view_logs (bool, optional) – Are members of this role allowed to view the organizational logs from Tenable Security Center? If left unspecified, the default is
False
.create_alerts (bool, optional) – Are members of this role allowed to create alerts? If left unspecified, the default is
False
.create_auditfiles (bool, optional) – Are members of this role allowed to create their own audit files? If left unspecified, the default is
False
.create_ldap_assets (bool, optional) – Are members of this role allowed to create LDAP Query Asset Lists? If left unspecified, the default is
False
.create_policies (bool, optional) – Are members of this role allowed to create scan policies? If left unspecified, the default is
False
.create_tickets (bool, optional) – Are members of this role allowed to create tickets? If left unspecified, the default is
False
.manage_accepted_risk_rules (bool, optional) – Are members of this role allowed to manage accepted risk rules? If left unspecified, the default is
False
.manage_attributes (bool, optional) – Are members of this role allowed to manage attribute sets? If left unspecified, the default is
False
.manage_blackout_windows (bool, optional) – Are members of this role allowed to manage scanning blackout windows? If left unspecified, the default is
False
.manage_groups (bool, optional) – Are members of this role allowed to manage user groups? If left unspecified, the default is
False
.manage_images (bool, optional) – Are members of this role allowed to manage report images? If left unspecified, the default is
False
.manage_recast_risk_rules (bool, optional) – Are members of this role allowed to manage recast risk rules? If left unspecified, the default is
False
.manage_relationships (bool, optional) – Are members of this role allowed to manage the user group relationships? If left unspecified, the default is
False
.manage_roles (bool, optional) – Are members of this role allowed to manage group role configurations? If left unspecified, the default is
False
.
- Returns:
The newly created role.
- Return type:
Examples
>>> role = sc.roles.create('Example Role', ... can_scan=True, can_import_scan=True)
- delete(id)[source]¶
Removes a role.
- Parameters:
id (int) – The numeric identifier for the role to remove.
- Returns:
An empty response.
- Return type:
Examples
>>> sc.roles.delete(1)
- details(id, fields=None)[source]¶
Returns the details for a specific role.
- Parameters:
- Returns:
The role resource record.
- Return type:
Examples
>>> role = sc.roles.details(1) >>> pprint(role)
- edit(id, **kw)[source]¶
Edits a role.
- Parameters:
id (int) – The numeric identifier for the role.
name (str, optional) – The name of the new role to create.
description (str, optional) – A description for the role to be created.
can_agent_scan (bool, optional) – Are members of this role allowed to perform agent scans? If left unspecified the default is
False
.can_feed_update (bool, optional) – Are members of this role allowed to perform feed updates? If left unspecified, the default is
False
.can_import_scan (bool, optional) – Are members of this role allowed to import scans? If left unspecified, the default is
False
.can_scan (bool, optional) – Are members of this role allowed to perform scans? If left unspecified, the default is
False
.can_share (bool, optional) – Are members of this role allowed to share objects with other groups? If left unspecified, the default is
False
.can_view_logs (bool, optional) – Are members of this role allowed to view the organizational logs from Tenable Security Center? If left unspecified, the default is
False
.create_alerts (bool, optional) – Are members of this role allowed to create alerts? If left unspecified, the default is
False
.create_auditfiles (bool, optional) – Are members of this role allowed to create their own audit files? If left unspecified, the default is
False
.create_ldap_assets (bool, optional) – Are members of this role allowed to create LDAP Query Asset Lists? If left unspecified, the default is
False
.create_policies (bool, optional) – Are members of this role allowed to create scan policies? If left unspecified, the default is
False
.create_tickets (bool, optional) – Are members of this role allowed to create tickets? If left unspecified, the default is
False
.manage_accepted_risk_rules (bool, optional) – Are members of this role allowed to manage accepted risk rules? If left unspecified, the default is
False
.manage_attributes (bool, optional) – Are members of this role allowed to manage attribute sets? If left unspecified, the default is
False
.manage_blackout_windows (bool, optional) – Are members of this role allowed to manage scanning blackout windows? If left unspecified, the default is
False
.manage_groups (bool, optional) – Are members of this role allowed to manage user groups? If left unspecified, the default is
False
.manage_images (bool, optional) – Are members of this role allowed to manage report images? If left unspecified, the default is
False
.manage_recast_risk_rules (bool, optional) – Are members of this role allowed to manage recast risk rules? If left unspecified, the default is
False
.manage_relationships (bool, optional) – Are members of this role allowed to manage the user group relationships? If left unspecified, the default is
False
.manage_roles (bool, optional) – Are members of this role allowed to manage group role configurations? If left unspecified, the default is
False
.
- Returns:
The newly updated role.
- Return type:
Examples
>>> role = sc.roles.create()