During our implementation testing of Tanium Connector we did not see anywhere where the minimum rights to the Tanium UI were documented. Is this documented anywhere official? I see something that says you need an account with Admin rights to the UI but it does not say that the svc account needs admin. And there is a spot where it says the svc account needs data reader on the staging DB. But again, nothing we can see about UI permissions.
Feb 24, 2020 02:33 PM
Roles and permissions in Tanium are the same for the API as for the console.
"Asset Report Reader" would be the preferred role as it only has read access, compared to "Asset User" role which has write access as well.
Role privileges can be found here: https://docs.tanium.com/asset/asset/requirements.html?Highlight=Roles#user_roles
Feb 28, 2020 06:46 AM
The account that is configured in FlexNet Beacon doesn’t need to have admin rights. Account with “Asset User” role would suffice.
I’ve reached out to Tanium to understand their recommendation of a role with minimum rights that an account needs to have, for FlexNet beacon to make REST API calls and fetch data from Tanium Asset.
Feb 26, 2020 06:54 AM
Roles and permissions in Tanium are the same for the API as for the console.
"Asset Report Reader" would be the preferred role as it only has read access, compared to "Asset User" role which has write access as well.
Role privileges can be found here: https://docs.tanium.com/asset/asset/requirements.html?Highlight=Roles#user_roles
Feb 28, 2020 06:46 AM