🔎Access Visibility

Veza parses authorization metadata for connected cloud providers and data sources, which you can interact with using powerful Search interfaces. Access Search includes the Query Builder and Authorization Graph, providing interfaces for exploring identity and data authorization relationships.

Search interfaces

Veza offers a query builder and visual graph search to help you understand and monitor the relationships between entities in the Authorization Graph.

Each search mode can answer questions such as:

• Graph: "What policies enable Microsoft Azure AD identities to reach sensitive Google Cloud projects?"

• Query Builder: "How many Okta users can view tickets in our service desk application?"

The Authorization Graph (AG) shows the full path of permissions for the selected entity or types of entities (such as Okta User to Snowflake Table). Graph search results include the intermediate roles, policies, groups, or other component entities that result in an identity's cumulative permissions on a resource. You can click on an individual result to view more details or traverse the graph to view other connected entities.

Graph search is ideal for checking the blast radius of a risk, inspecting all the resources an identity can access, and exploring connections between different entity types.

The Query Builder provides results in a table and can be used to establish security baselines when associated with Alert Rules, Reports, and Risks. The Query Builder lets you review all source or destination entity attributes and create fine-grained searches using these properties.

For example, you could create a query to warn whenever the number of users with access to a resource changes or when users become dormant. Queries will return results based on the chosen entity or type of entity, a specified destination, and any applied filters. Columns will contain additional entity properties and permission details.

Saved searches and built-in insights

When viewing Saved Queries and Veza Insights, you can view the results in Authorization Graph or open the original query in Query Builder. To customize an assessment, open it in the Query Builder. You can modify the underlying conditions or save a copy before adding it to a report.

Veza ships with hundreds of out-of-the-box Saved Queries to offer a starting point for customized queries and provide immediate insight into integrated data sources. You can browse some of these from the Reports page or create a new Report to review and add queries based on label or integration type.

Search Resources

See the following pages for more about Veza search interfaces and concepts:

• Graph Search

• Query Builder

• Saved Queries

• Search Filters

• Query Modes

• Tags

• Intermediate Entities

• Regular Expressions

• Tagged Entity Search