Entities

Entities are the diverse authorization, identity, and data objects discovered by Veza, forming the Veza authorization graph.

Entities represent the authorization, data, and identity objects discovered by Veza that appear as Query Builder results and as related nodes in Graph search. Entities can be data services or resources, identity domains, users or groups, and IAM or RBAC elements such as policies and roles. You can use the Analytics page to review all the entities from all connected integrations and open them in Query Builder to view details.

Configuring an identity, cloud, or other data provider enables Veza to gather a range of authorization metadata. This metadata includes relationships between federated identities, application users, service accounts, and groups and roles. Entities can also represent services and data resources, and permissions on these resources. These entities constitute the Veza authorization graph, which can be queried to identify Risks, define Rules, conduct Access Reviews, and enable automated Lifecycle Management workflows.

Queries typically specify source and destination entity types, such as Okta Users related to AWS S3 Buckets or Google Users related to Google Groups, returning all entities with that relationship. Higher-level Entity Type Groupings, such as All Users or All Resources, enable search across multiple entity types simultaneously, or within specific types within a group. For example, the User entity type grouping includes all entities that Veza categorizes as a user, such as Okta Users, Snowflake Local Users, and AWS IAM Users.

Entity metadata attributes are the rich properties associated with each node in the graph. You can use filters to refine search results based on these attributes, which can potentially include custom properties if the integration supports them. Some attributes may be added by Veza during parsing (such as risk_score, identity_type, or full_admin), while most are ingested directly from the integration data source (such as mfa_enabled for users or is_encrypted for S3 Buckets).
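The query pattern described above (source and destination entity types, an entity type grouping, and attribute filters) can be sketched as a toy in-memory graph. This is an added illustration, not Veza code or the Veza API: the entity ids, type labels, grouping table, and function names are assumptions, and only the attribute names mfa_enabled and is_encrypted come from the page.

```python
from collections import deque

# Constructed sample entities: id -> (entity type label, attributes); all values are made up.
ENTITIES = {
    "okta:alice": ("OktaUser", {"mfa_enabled": True}),
    "okta:bob": ("OktaUser", {"mfa_enabled": False}),
    "aws:ci-deployer": ("AwsIamUser", {"mfa_enabled": False}),
    "okta:data-eng": ("OktaGroup", {}),
    "aws:role/s3-read": ("AwsIamRole", {}),
    "s3:invoices": ("S3Bucket", {"is_encrypted": False}),
    "s3:logs": ("S3Bucket", {"is_encrypted": True}),
}

# Constructed directed relationships (group membership, role binding, permission).
EDGES = {
    "okta:alice": ["okta:data-eng"],
    "okta:bob": ["okta:data-eng"],
    "okta:data-eng": ["aws:role/s3-read"],
    "aws:role/s3-read": ["s3:invoices", "s3:logs"],
    "aws:ci-deployer": ["s3:logs"],
}

# Hypothetical table standing in for an entity type grouping.
GROUPINGS = {"User": {"OktaUser", "AwsIamUser"}}

def expand(type_or_group):
    """Resolve a grouping name to its member types, or pass a single type through."""
    return GROUPINGS.get(type_or_group, {type_or_group})

def reachable(start):
    """All entity ids reachable from start by following relationships (BFS)."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in EDGES.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def query(source, destination, src_ok=lambda a: True, dst_ok=lambda a: True):
    """Return sorted (source_id, destination_id) pairs matching types and filters."""
    src_types, dst_types = expand(source), expand(destination)
    return sorted(
        (sid, did)
        for sid, (stype, sattrs) in ENTITIES.items()
        if stype in src_types and src_ok(sattrs)
        for did in reachable(sid)
        if ENTITIES[did][0] in dst_types and dst_ok(ENTITIES[did][1])
    )
```

Calling query("User", "S3Bucket") with filters for users lacking MFA and buckets lacking encryption narrows five user-to-bucket relationships down to the single pair worth reviewing first.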
