# Manage risk exceptions ## Overview This guide explains how to manage exceptions for risk queries in Veza. When an entity appears in a risk query but represents an intentional or acceptable configuration, you can mark it as an exception. Exceptions acknowledge that you have reviewed the flagged access and determined it does not require action. Use exceptions to: * Acknowledge intentional configurations that trigger risk queries * Reduce noise from known acceptable access patterns * Document decisions for audit and compliance purposes * Move risks to "Resolved" status without changing the underlying access ## Before you start Before marking exceptions: * Review the flagged entity to understand why it matches the risk query * Confirm the access is intentional and acceptable per your security policies * Prepare a note explaining why the exception is appropriate ## When to use exceptions Exceptions are appropriate when: * **Intentional configuration**: The access is by design, such as a break-glass account with elevated privileges * **Business requirement**: The access is necessary for a specific business function and has been approved * **False positive**: The query logic flags something that is not actually a risk in your environment * **Temporary acceptance**: The risk is known and scheduled for resolution, but you want to track it separately Exceptions are not appropriate when: * The access should be removed or modified * You haven't reviewed the entity to understand why it's flagged * The exception would mask a genuine security issue ## Mark entities as exceptions ### From the All Risks tab 1. Go to **Access Intelligence** > **Risks**. 2. On the **All Risks** tab, click the **Affected Entities** count for a query. 3. Select the entities you want to mark as exceptions. 4. Click **Mark as Exception**. 5. Add a note explaining why the exception is appropriate. 6. Click **Confirm**. ### From the Actions menu 1. On the **All Risks** tab, click the **Actions** menu (⋮) for a query. 2. Select **Manage Exceptions**. 3. Review the list of affected entities. 4. Select entities and click **Mark as Exception**. 5. Add a note and click **Confirm**. ## Use Bulk Omit to exclude queries from scoring If a query consistently produces false positives for certain entities, you can exclude it from their risk score calculation using Bulk Omit. 1. In **Query Details** > **Results** view, click on a risk score to view score details in the sidebar. 2. Click **Bulk Omit**. 3. Select the queries you want to exclude from the calculation. 4. Click **Omit Selection**. The risk score will recalculate within a few hours to reflect the exclusion. This is useful when specific queries don't represent genuine risks for certain entity types or configurations. ## Review existing exceptions To see which entities have been marked as exceptions for a query: 1. Go to **Access Intelligence** > **Risks**. 2. On the **All Risks** tab, review the **Exceptions** column for each query. 3. Click the exceptions count to view the list of excepted entities. ## Remove exceptions If an exception is no longer appropriate: 1. Navigate to the query's exception list. 2. Select the entities to remove from exceptions. 3. Click **Remove Exception**. The entities will return to the affected entities list, and the risk will reopen if it was previously resolved. ## How exceptions affect risk status A risk query's status depends on its results and exceptions: * **Open**: The query has one or more affected entities that are not marked as exceptions * **Resolved**: All affected entities are marked as exceptions, OR the query returns no results When you mark all affected entities as exceptions, the risk automatically becomes Resolved. If new entities later match the query, the risk will reopen. ## Alternative: Refine the query Instead of marking exceptions, you can modify the query to exclude certain entities automatically: 1. Click **Actions** > **Open in Query Builder**. 2. Add filter conditions to exclude entities that don't represent genuine risks. 3. Save the updated query. This approach is better when you have a pattern of entities that should always be excluded, rather than individual one-off exceptions. ## See also * [Access Risks](/4yItIzMvkpAvMVFAamTf/features/insights/risks.md) * [Investigate risks](/4yItIzMvkpAvMVFAamTf/features/insights/risks/investigate-risks.md) * [Configure risk levels and profiles](/4yItIzMvkpAvMVFAamTf/features/insights/risks/configure-risk-levels-and-profiles.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/risks/manage-risk-exceptions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.