Analyze

Quickly inspect relationships between users, groups, and roles.

Early Access: Veza Analyze queries are currently available as an optional feature. Contact the Veza support team to learn more and to enable for your Veza tenant.

You can investigate users, groups, and role assignments from the Access Intelligence > Analyze page. This feature offers a simple interface to review a variety of authorization relationships for an individual entity.

For comparing access permissions between entities, see the Compare feature. For identifying toxic access combinations and Separation of Duties violations, see the dedicated Separation of Duties (SoD) feature.

For example, Analyze page offers a way to:

show all users that can assume a Snowflake role.
find all users or other groups that belong to an Active Directory group.
find all groups or roles that an AWS IAM user can assume or is assigned.

After running an analyze, you can review the results immediately or open the search in Query Builder to add parameters and assign rules and risk levels.

Analyzing a user, group, or role

Click User Analyze, Group Analyze, or Role Analyze.
Use the Type dropdown to choose the user, group, or role by provider (such as "Salesforce User").
Select an individual entity from the second dropdown.
Pick the Analyze query to run on the chosen entity.

If results are available, they will appear in the table of records.

Click Columns to show or hide any group, role, or user properties
Click Open in Query Builder to open a search in Query Builder, with an attribute filter on the entity name.

Analyze queries

The possible analyze options depend on whether you have chosen a user, group, role, and the entity's provider integration. The following actions are available based on the specified entity category:

User
- All Groups the User is in
- All Roles the User can assume
Group
- All Users that are in the Group
- All Roles the Group can assume
Role
- All Users that can assume the Role
- All Roles that can assume the Role

PreviousRisks NextCompare

Last updated 1 day ago

Was this helpful?

Analyze

Quickly inspect relationships between users, groups, and roles.

Early Access: Veza Analyze queries are currently available as an optional feature. Contact the Veza support team to learn more and to enable for your Veza tenant.

For example, Analyze page offers a way to:

show all users that can assume a Snowflake role.
find all users or other groups that belong to an Active Directory group.
find all groups or roles that an AWS IAM user can assume or is assigned.

After running an analyze, you can review the results immediately or open the search in Query Builder to add parameters and assign rules and risk levels.

Analyzing a user, group, or role

Click User Analyze, Group Analyze, or Role Analyze.
Use the Type dropdown to choose the user, group, or role by provider (such as "Salesforce User").
Select an individual entity from the second dropdown.
Pick the Analyze query to run on the chosen entity.

If results are available, they will appear in the table of records.

Click Columns to show or hide any group, role, or user properties
Click Open in Query Builder to open a search in Query Builder, with an attribute filter on the entity name.

Analyze queries

The possible analyze options depend on whether you have chosen a user, group, role, and the entity's provider integration. The following actions are available based on the specified entity category:

User
- All Groups the User is in
- All Roles the User can assume
Group
- All Users that are in the Group
- All Roles the Group can assume
Role
- All Users that can assume the Role
- All Roles that can assume the Role

PreviousRisks NextCompare

Last updated 1 day ago

Was this helpful?