We made the following changes to improve scan visibility and performance.
With AGMS enabled, all asset validation checks happen at the time the scan is launched and not when scan results are viewed. This is because a scan result represents a point in time and is considered immutable or unable to change. If you were able to launch the scan then you should have access to the scan result, even if your asset assignment changes after the scan is launched. For example, if you launch a scan on 100 IP addresses you’ll see scan results data for all 100 IPs even if 10 of those IPs are later removed from your assigned assets. The next time you launch or schedule a scan only the 90 remaining IPs will be available.
By default, when AGMS is enabled, users can view and take action (download, cancel, delete) on their own scans and scans launched by their sub-users. Users by default will not see scans launched by their Managers even on assigned assets.
As a sub-user, to see scans launched by your Managers, you must choose the option "Show In Scope Scan List" above the data list. When selected, we'll refresh the list so it includes finished scans on assigned assets (assets in your user scope) that were launched by your Managers. Sub-users will only see scans by their Managers that are finished with scan results that have been processed. This is because the host ID is assigned to an asset during scan processing and it's only after the host ID is assigned that the scan can be mapped to the sub-user's scope.
For example, let's say a new IP address is added to the subscription and assigned to a sub-user. The Manager launches a scan on the new IP. The scan will appear immediately to Managers, but the sub-user with the IP assigned will only see the scan after the scan is finished and the scan results are processed, and only when using the "Show In Scope Scan List" option.
Please note that the "Show In Scope Scan List" option only appears to sub-users. Managers will not see this option because they have access to all assets.
When an asset in a sub-user's scope has been purged by a Manager, the scan results for that asset will no longer be visible to the sub-user on the Scans data list (or in the Scan List API output).
For example, let's say IP 10.10.10.10 is assigned to sub-user Jake. Jake is able to see finished scans on IP 10.10.10.10 launched by his Manager when using the "Show In Scope Scan List" option. If the IP is later purged by the Manager, then all scan data for the asset is removed and scans on the IP that were previously visible to Jake on the Scans data list will no longer show up. If a scan was launched on multiple IPs, including the purged IP and other IPs that were not purged, then the scan will be listed but the scan results will not include results for the purged IP.