search
Release Notes

Private APIs

Documentation for Veza's private APIs for advanced access assessments

hashtag
Overview

This section contains documentation for APIs in the private/ namespace for advanced access assessment capabilities. These APIs currently support advanced role analysis, entitlement comparisons, and access management for Snowflake environments.

hashtag
Available APIs

API
Description

Get Access Relationship

Identifies grantees (such as roles) that provide specific access permissions to a given identity for a set of resources

Role Existence

Checks whether a role with specific resource permissions already exists

Role Maintenance

Simulates modifications to an existing role's permissions and checks if other roles with the resulting permission set already exist

Cohort Role Analysis

Provides insights into role accessibility for users within a specified cost center

hashtag
Common Use Cases

These APIs enable several identity security use cases:

  1. Role Rationalization: Identify and consolidate redundant roles to simplify access management

  2. Least Privilege Implementation: Find roles that provide necessary access with minimal excess permissions

  3. Access Governance: Maintain a minimal set of roles by identifying functionally equivalent roles

  4. Access Pattern Analysis: Discover common access patterns among users in the same organizational unit

  5. Privileged Access Management: Analyze what additional privileges different roles would provide to a user

hashtag
Limitations

  • These features are currently limited to the Snowflake integration.

  • Some APIs may have performance limitations with highly connected identities or complex permission structures.

hashtag
Related Documentation

PreviousGet query spec resultsNextGet Access Relationship

Last updated

Was this helpful?