# Configure risk levels and profiles ## Overview This guide explains how to configure risk levels and Risk Profiles for saved queries in Veza. When you assign a risk level to a query, entities that match the query receive a risk score. Risk Profiles categorize queries by the type of authorization issue they detect, helping you organize and prioritize risks. Use risk configuration to: * Enable risk scoring for custom queries * Categorize risks for easier triage and reporting * Adjust severity levels to match your organization's priorities * Organize dashboard views by risk category ## Risk profiles reference Risk Profiles categorize queries by the type of authorization issue they detect. The following profiles are available: | Risk Profile | Description | | -------------------- | --------------------------------------------------------------------------------- | | **MFA Health** | Queries identifying accounts without multi-factor authentication configured | | **Privilege Access** | Queries detecting over-privileged accounts or excessive permissions | | **Blast Radius** | Queries measuring potential impact scope of compromised credentials | | **Dormant Access** | Queries finding unused or inactive access rights | | **Orphaned Access** | Queries identifying access without valid ownership or justification | | **Access Risk** | General access-related security concerns | | **Identity Hygiene** | Queries detecting identity management issues (stale accounts, missing attributes) | | **Informational** | Non-risk queries for reporting and visibility purposes | {% hint style="info" %} Veza enforces compatibility between risk profiles and risk levels. For example, the "Informational" profile can only be assigned to queries with "None" risk level, since informational queries are not risks. {% endhint %} ## Before you start Before configuring risk levels and profiles: * Create or identify the saved query you want to configure * Determine the appropriate severity level (Critical, High, Medium, or Low) * Review the Risk Profile categories to select the best match ## Assign a risk level when saving a query When you save a new query or edit an existing one, you can set its risk level and profiles. 1. Open the query in **Query Builder** or the **Saved Query Details** view. 2. Click **Edit**, then click **Save**. 3. In the save dialog, select a **Risk Level** (Critical, High, Medium, or Low). 4. Select a **Risk Profile** that describes the type of risk. 5. Click **Save**. Entities that match the query will now receive risk scores based on the assigned severity. ## Update risk details for an existing query Use the **Manage Risk Details** modal to update risk configuration for any query that already has a risk level. ![The Manage Risk Details modal showing risk level and Risk Profile options](/files/BExKWoxb8MXS55PHYmQ2) ### From the Risks page 1. Go to **Access Intelligence** > **Risks**. 2. On the **All Risks** tab, find the query you want to update. 3. Click the **Actions** menu (⋮) and select **Manage Risk Details**. 4. Update the **Risk Level** and **Risk Profile** as needed. 5. Click **Save**. ### From a Dashboard 1. Go to **Dashboards**. 2. Open a dashboard and click a risk query tile. 3. On the query details page, click the **Actions** menu (⋮). 4. Select **Manage Risk Details**. 5. Update the settings and click **Save**. ### From the Queries page 1. Go to **Access Visibility** > **Queries**. 2. Find the query and click the **Actions** menu (⋮). 3. Select **Manage Risk Details**. 4. Update the settings and click **Save**. ## Set a risk level for queries without one To find and configure queries that don't have risk levels: 1. Go to **Access Visibility** > **Queries**. 2. Use the **Risk Level** filter and select **None**. 3. Review queries that might represent risks. 4. Click the **Actions** menu (⋮) and select **Manage Risk Details**. 5. Choose the appropriate severity and Risk Profile. 6. Click **Save**. ## Use Risk Profiles on dashboards Risk Profiles can organize how queries appear on dashboards. 1. Go to **Dashboards**. 2. Open a dashboard. 3. Click the **Group By** button (shows the current grouping, such as "Group By Section"). 4. Select **Risk Profile** from the dropdown. Dashboard widgets will be grouped by their assigned Risk Profile categories, making it easier to see risk distribution across categories. ## Limitations **Veza-created query restrictions**: By default, queries created by Veza have pre-assigned Risk Profiles that you cannot modify. You can change the risk level for these queries, but the Risk Profile selection is disabled. This preserves system-defined categorizations while allowing you to adjust severity based on your priorities. As of v2026.1.19, organizations can request access to the **OOTB Query Risk Profiles** feature (Early Access), which enables modifying Risk Profiles for Veza-created queries. Contact your Veza representative to enable this capability. ## See also * [Access Risks](/4yItIzMvkpAvMVFAamTf/features/insights/risks.md) * [Investigate risks](/4yItIzMvkpAvMVFAamTf/features/insights/risks/investigate-risks.md) * [Dashboards](/4yItIzMvkpAvMVFAamTf/features/insights/dashboards.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/risks/configure-risk-levels-and-profiles.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.