cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Tanium Connector SVC Account Minimum Rights

During our implementation testing of Tanium Connector we did not see anywhere where the minimum rights to the Tanium UI were documented. Is this documented anywhere official? I see something that says you need an account with Admin rights to the UI but it does not say that the svc account needs admin. And there is a spot where it says the svc account needs data reader on the staging DB. But again, nothing we can see about UI permissions.

(1) Solution

Roles and permissions in Tanium are the same for the API as for the console.
"Asset Report Reader" would be the preferred role as it only has read access, compared to "Asset User" role which has write access as well. 

Role privileges can be found here: https://docs.tanium.com/asset/asset/requirements.html?Highlight=Roles#user_roles

View solution in original post

(2) Replies

The account that is configured in FlexNet Beacon doesn’t need to have admin rights. Account with “Asset User” role would suffice.

I’ve reached out to Tanium to understand their recommendation of a role with minimum rights that an account needs to have, for FlexNet beacon to make REST API calls and fetch data from Tanium Asset.

Roles and permissions in Tanium are the same for the API as for the console.
"Asset Report Reader" would be the preferred role as it only has read access, compared to "Asset User" role which has write access as well. 

Role privileges can be found here: https://docs.tanium.com/asset/asset/requirements.html?Highlight=Roles#user_roles