I'd like to get some input from the group as to the best way to set something up.
I have a research team based in China that will be using the API to access Enterprise. I want them to be able to run local Vulnerability scans, but not outside their local area.
Is the best way to set this up to create an API user with "Scanner" usage level, and limit to a Business Unit that only contains IPs in China? Or should they be Unit Manager?
Any suggestions would be appreciated