TenableSC: policies.edit() silently fails to apply owner/group/share_all changes after policies.create() #979

@c-stewa20

Description

I am building an automated synchronization tool that copies audit files, scan policies, and scan configurations from one TenableSC instance (Site A) to another (Site B). The workflow requires creating policies on Site B and then assigning them to a specific group so they become shared objects (ID < 1,000,000). These shared policies are then used when cloning scans. I can get the audit files and policies recreated at Site B, but the scan configuration is failing.

The issue prevents the automation from functioning because policies created through pyTenable remain private even after calling policies.edit(), which blocks scan creation on Site B. The goal is to reliably create and share policies programmatically so that downstream scan cloning works as expected.

When creating a policy in TenableSC using pyTenable, sc.policies.create() succeeds and returns a valid policy ID. However, calling sc.policies.edit() immediately afterward to assign the policy to a group, change the owner, or set share_all=True silently fails. No exception is raised, but the policy remains private and unshared. The SDK reports success, but the policy’s owner, groups, and shared status do not change.

To Reproduce

1. Authenticate to TenableSC using an API user.

2. Create a policy:
   new_pol = sc.policies.create(name="TestPolicy", template_id=9)

3. Attempt to share the policy:
   sc.policies.edit(new_pol["id"], owner=group_id, groups=[group_id], share_all=True)

4. Re-fetch the policy:
   details = sc.policies.details(new_pol["id"])
   print(details)

5. Observe that:
   - owner is unchanged
   - groups list is unchanged
   - policy ID remains ≥ 1,000,000 (still private)
   - no error or warning is raised

Expected behavior
policies.edit() should update the policy’s owner, group assignments, and shared status. If TenableSC rejects the update (e.g., due to permissions), pyTenable should raise an exception or return an error instead of silently succeeding.

System Information
OS: Linux 4.18.0-553.81.1.el8_10.x86_64
Architecture: x86_64
Python Version: 3.6.8 (default, Aug 11 2025, 09:47:15) [GCC 8.5.0 20210514 (Red Hat 8.5.0-28)]
Memory: 31.38 GB

Additional context
TenableSC will reject sharing operations if the API user has no group membership (e.g., authType="tns"). However, pyTenable does not surface this failure and returns success even though the policy is not modified. This silent failure makes it impossible to detect when a policy remains private, which breaks downstream scan creation.

I have attached the script that I'm using in my workflow.

sc_clone_scan_configs.py
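A read-after-write check for the silent failure reported above, as an added example that is not part of the original issue or of pyTenable. It assumes `details()` returns `owner` as a dict with an `id` and `groups` as a list of such dicts; `edit_and_verify`, `PolicyEditNotApplied` and `SilentPolicies` are hypothetical names, and `SilentPolicies` is a constructed stand-in for `sc.policies` so the block runs offline.

```python
class PolicyEditNotApplied(RuntimeError):
    """Raised when the re-fetched policy does not reflect the requested edit."""


def _observed(details):
    # Assumed response shape: owner={"id": ...}, groups=[{"id": ...}, ...].
    owner = details.get("owner") or {}
    groups = details.get("groups") or []
    return {
        "owner": str(owner.get("id")) if isinstance(owner, dict) else str(owner),
        "groups": sorted(str(g["id"] if isinstance(g, dict) else g) for g in groups),
    }


def edit_and_verify(policies, policy_id, owner=None, groups=None, **extra):
    """Call policies.edit(), re-fetch with details(), raise if nothing changed."""
    wanted, kwargs = {}, dict(extra)  # extra (e.g. share_all) is passed through
    if owner is not None:
        wanted["owner"], kwargs["owner"] = str(owner), owner
    if groups is not None:
        wanted["groups"] = sorted(str(g) for g in groups)
        kwargs["groups"] = groups
    policies.edit(policy_id, **kwargs)
    seen = _observed(policies.details(policy_id))
    diffs = {k: (v, seen[k]) for k, v in wanted.items() if seen[k] != v}
    if diffs:
        raise PolicyEditNotApplied(
            "policy %s: requested vs. observed: %r" % (policy_id, diffs))
    return seen


class SilentPolicies:
    """Constructed stand-in for sc.policies; can ignore edits as reported."""

    def __init__(self, apply_edits):
        self.apply_edits = apply_edits
        self.state = {"id": "1000001", "owner": {"id": "5"}, "groups": []}

    def edit(self, policy_id, owner=None, groups=None, **_ignored):
        if self.apply_edits:
            self.state["owner"] = {"id": str(owner)}
            self.state["groups"] = [{"id": str(g)} for g in groups or []]
        return dict(self.state)  # returns without error either way

    def details(self, policy_id):
        return dict(self.state)
```

In a sync job, passing the real `sc.policies` object as `policies` turns an unapplied edit into an exception before any scan is cloned against a policy that is still private.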
