# Access Path Risk Score ## Overview Access reviews that use [Access Intelligence](/4yItIzMvkpAvMVFAamTf/features/insights/risks.md) include a **Risk Score** column in the reviewer interface. This column consolidates the risk signals associated with each access path — across identities, intermediate groups or roles, and destination resources — into a single numeric score per row. Without this score, reviewers must examine separate risk columns for source users, destination resources, and other entities to assess overall exposure for a given row. The Risk Score surfaces that combined picture in one place, making it easier to sort, filter, and prioritize decisions. {% hint style="info" %} **Prerequisite**: Access Intelligence must be enabled on the review configuration for Risk Scores to appear. See [1-Step Access Reviews](/4yItIzMvkpAvMVFAamTf/features/access-reviews/configuration/1-step-review.md) or the [Access Reviews Query Builder](/4yItIzMvkpAvMVFAamTf/features/access-reviews/configuration/access-reviews-query-builder.md) to enable it. {% endhint %} ## How risk scores are calculated Risk Scores are calculated at review creation time, after the assessment query has completed. This ensures that all necessary component risk scores, outlier predictions, and effective permissions are factored into the result. Scores are **snapshot-based** — they are calculated once when the review is created and are not recalculated when underlying data changes. The score is a whole number from **0 to 100**. ## Risk level tiers The numeric Risk Score maps to a risk level tier: {% hint style="info" %} These thresholds apply to Access Reviews created in Veza v2026.5.18-1 and later. Reviews created in earlier versions retain the legacy risk level bands. {% endhint %} | Score range | Risk level | | ----------- | ---------- | | ≥ 75 | Critical | | 50–74 | High | | 25–49 | Medium | | 10–24 | Low | | < 10 | None | ## Risk Score in the review table When Access Intelligence is enabled, the reviewer interface includes a **Risk Score** column. Each row displays the score as a color-coded number: lower scores appear in muted tones, and higher scores appear in progressively stronger colors (orange through red) to draw attention to elevated risk. A **Risk Level** column (Critical / High / Medium / Low) is shown alongside it, derived from the same access path risk score using the tiers above. Clicking a Risk Score value in the table opens the row details panel to the **Risks** tab, where individual entity risk scores and contributing risk factors are listed. ## Sorting and filtering The **Risk Score** column supports: * **Sorting** — click the column header to sort ascending or descending by numeric score * **Filtering** — filter by exact score value, by range (greater than, less than, etc.), or by **Risk Level** tier (Critical, High, Medium, Low) ## Row details The row details panel shows the **Risk Score** prominently. The **Risks** tab lists all individual entity risk scores and contributing risk factors for every entity in the access path, providing full explainability for what drove the score. ## Exporting risk scores The `access_path_risk_score` field is included as an integer in both CSV and XLSX exports. To export review rows, see [Exporting review rows](/4yItIzMvkpAvMVFAamTf/features/access-reviews/how-to/reviewer-interface.md#exporting-review-rows). ## Backward compatibility Risk Scores are only available on reviews created after this feature was released. The **Risk Score** column does not appear for older reviews to avoid showing empty values. Those reviews continue to display per-entity risk score columns and the Risk Level column as before. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/access-reviews/how-to/access-path-risk-score.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.