Analysis
Quickly inspect relationships between users, groups, and roles.
Experimental: Veza Analysis queries are currently available in early access. Contact the Veza support team to learn more and to enable the feature.
You can investigate users, groups, and role assignments from the Access Intelligence > Analysis page. This feature offers a simple interface to review a variety of authorization relationships for an individual entity.
For example, Analysis page offers a way to:
show all users that can assume a Snowflake role.
find all users or other groups that belong to an Active Directory group.
find all groups or roles that an AWS IAM user can assume or is assigned.
After running an analysis, you can review the results immediately or open the search in Query Builder to add parameters and assign rules and risk levels.
Analyzing a user, group, or role
Click User Analysis, Group Analysis, or Role Analysis.
Use the Type dropdown to choose the user, group, or role by provider (such as "Salesforce User").
Select an individual entity from the second dropdown.
Pick the Analysis query to run on the chosen entity.
If results are available, they will appear in the table of records.
Click Columns to show or hide any group, role, or user properties
Click Open in Query Builder to open a search in Query Builder, with an attribute filter on the entity name.
Analysis queries
The possible analysis options depend on whether you have chosen a user, group, role, and the entity's provider integration. The following actions are available based on the specified entity category:
User
All Groups the User is in
All Roles the User can assume
Group
All Users that are in the Group
All Roles the Group can assume
Role
All Users that can assume the Role
All Roles that can assume the Role
Last updated