On-Demand Reviews

Enable Access Intelligence alert rules to create access reviews when query results change.

Early Access: On-Demand Reviews are currently provided as an Early Access feature. Please contact the Customer Success team to enable this functionality on your Veza platform.

Overview

Veza Access Reviews support on-demand reviews using Access Intelligence alert rules. By attaching review creation rules to saved queries, you can trigger the creation of new reviews in response to changes in your authorization environment. This type of access review might be initiated whenever new user accounts are detected within an application, new entitlements are granted, a user's risk level increases, or MFA is removed or disabled for an account.

On-demand reviews support Review Intelligence rules, and are created with a duration and reviewer assignments based on the rule configuration.

Common scenarios for implementing on-demand reviews include:

  • Automatically reviewing access for terminated employees

  • Certifying access when users are added to new roles

  • Validating permissions after attribute changes

  • Reviewing orphaned or inactive accounts

Important concepts:

  • Rules are conditions attached to saved queries that trigger automated actions when met.

  • Review Creation Plans are rule settings that define how new reviews will be created.

  • Rule Triggers are attribute-based or change-based criteria that initiate review creation (for example, when the query results have increased, or when an entity's is_active attribute changes).

  • Creation Source: On the Access Reviews page, you can identify the source of a review by checking the Creation Source column. Reviews created by on-demand rules will have the source RULE_TRIGGERED.

Implementing On-Demand Reviews

Prerequisites

Before configuring on-demand reviews, you will need to:

  1. Create at least one access review configuration defining the scope of reviews.

  2. Build and save a query that identifies the entities requiring review, or use a built-in query.

Add a Rule for On-Demand Reviews

To add a review creation rule:

  1. Navigate to the saved query.

  2. Select "Manage Rules" from the actions menu.

  3. Click "Add New Rule".

  4. Configure the rule details:

    • Name and description

    • Severity level

    • Trigger conditions

  5. Click Action -> Create Review to open the review creation plan.

  6. Configure the plan and save it.

  7. Save the rule, and click Save again to finish modifying the query.

See Saved Queries for more on working with existing queries.

To configure the review creation plan:

  1. Click Configure New On-Demand Review.

  2. Select an existing review configuration.

  3. Set the duration for the review.

  4. Specify the reviewer assignment logic.

  5. Enable any Review Intelligence Rules.

  6. Save the plan.

New reviews will start based on this creation plan when the rule conditions are met. Note that on-demand reviews are always created from the most recent graph snapshot data when the rule activates.

See Create Access Review for details on configuring new reviews.

Rule Evaluation

  • Rules are evaluated on a regular schedule aligned with data extraction intervals.

  • Multiple rules can be attached to a single query.

  • Each rule can include more than one review creation plan.

  • The same review configuration can be used across multiple rules.
