Source-Only Access Reviews

Review users, groups, resources, or other entities by configuring an Access Review with no destination entity type.

Overview

Access Reviews are designed to show information about the access a source entity has to another destination entity, including details about the relationship and resulting permissions. When the review scope does not include a destination, the review will instead list all results of the source type, constrained by filters and other query parameters.

Only specifying a source entity type enables simple yet comprehensive review of:

All human or machine identities in an organization
All local accounts or groups in an integrated application
All resources of a certain type, such S3 Buckets, Snowflake Databases, or OAA Custom Applications.
The results of queries with risk levels.

Many out-of-the-box Veza queries return a single entity type (if Show [Destination Entities] is not enabled.). You can create an Access Review from a Saved Query as a way to remediate Risks and take action on results that appear on Veza Dashboards.

Access reviews for a Single Entity Type

To review a single entity type:

Create a configuration.
In the Query section of the configuration builder:
2.1. Select the Source entity type from the dropdown.
2.2. Leave the Destination blank.
2.3. (Optional) Add Filters to constrain the output.
Finish and Save the configuration.

After creating a review for the configuration, reviewers can view detailed metadata for each entity and approve or reject each one.

PreviousAccess Reviews with Saved Queries NextAccess Monitoring

Last updated 8 months ago

Was this helpful?