# Saved Queries Use the **Access Visibility** > *Queries* page to review and manage all queries within Veza. This includes both pre-built assessments and user-created queries composed using the [Query Builder](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/search/query-builder). Veza ships with hundreds of pre-built security queries, organized by integration, category, and use case. Many of these out-of-the-box queries are featured in Veza's dashboards. You can customize dashboards by cloning existing queries, editing them, or creating new queries. This flexibility enables tailoring Veza insights to your specific security needs and environment. You can use saved queries to: * **Set risk levels for entities**: Define [Risks](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/risks), marking entities in the query results with a risk score. * **Define access Review scopes**: Choose a saved query when creating a [Review Configuration](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/access-reviews/how-to/review-configuration#step-2-define-the-review-scope) to review the current query results, once or according to a schedule. * **Trigger Alerts, Email Notifications, and Veza Actions**: Saved queries can trigger [Alert Rules](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/rules-and-alerts) when the results or their attribute values meet certain conditions. * **Create shared dashboards for Veza users and teams**: Create custom [Dashboards](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/dashboards) to organize and share queries. * **Identify NHI, critical resources, and privileged roles**: Define [Enrichment Rules](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/configuration/enrichment) to mark saved query results as privileged roles, human or non-human identities, or set the criticality level of resources that meet the query conditions. * **Export Results**: Download or schedule result exports in CSV format, by email or to an integrated [Snowflake database](https://github.com/cookieai-jar/cookie-docs/blob/main/docs/integrations/snowflake/saved-query-export-to-snowflake.png). ## Query visibility Query visibility in Veza is controlled by two factors: the query's **visibility setting** (Public or Private) and your **team's integration scope**. ### Query visibility settings Each saved query has a visibility setting that determines who can access it: | Visibility | Who can access | | --------------------- | ----------------------------------------------------------------------------------------------------------------------- | | **Private** (default) | The query creator, users explicitly added as query owners, and users with the Admin role | | **Public** | Any authenticated Veza user in your tenant with a role that includes query access (Admin, Operator, Viewer, or similar) | {% hint style="info" %} **Adding query owners** is currently only available via the API. Use the [Update query owners](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/developers/api/query-builder/updateassessmentquerypermissions) endpoint to specify which users can access a private query by user ID. {% endhint %} {% hint style="warning" %} **Visibility is a one-way setting.** Once a query is set to **Public**, it cannot be reverted to Private. Carefully consider this before making a query public. {% endhint %} {% hint style="info" %} **Changing query visibility** requires the Operator role or higher, and you must be logged in as a member of the **root team**. Users in non-root teams, or with only the Viewer role, cannot change a query's visibility setting. {% endhint %} ### Sharing queries across teams Custom queries are **Private by default** and are not visible to users in other teams. To make a query accessible to users in non-root teams, set its visibility to **Public** via **Edit Configuration** → **Visibility**. {% hint style="info" %} Even after setting a query to Public, each team sees results scoped to their integration access. Users in a non-root team can see the query but will only see data from integrations within their team's scope. {% endhint %} To share multiple queries with another team, the recommended approach is to add them to a [shared dashboard](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/dashboards/dashboard-sharing). ### Visibility by team and role Beyond the visibility setting, your role and team membership determine what queries you see: | Context | Query access | Result scope | | ------------------------------------------------------------------ | --------------------------------------------- | -------------------------------------- | | **Admin role (any team)** | All queries, regardless of visibility setting | All integrations | | **Root team — Operator, Access Reviews Admin, NHI Security Admin** | Public queries + queries you created or own | All integrations | | **Root team — Viewer** | Public queries + queries you created or own | All integrations | | **Non-root team — any role** | Public queries + queries you created or own | Only integrations in your team's scope | {% hint style="info" %} Pre-built Veza queries are Public and visible to all users. Users in non-root teams see the pre-built queries filtered to the integrations their team has access to. {% endhint %} ## Sharing queries Veza provides four ways to share queries or query results with other users and teams: ### 1. Share via URL (copy link) From the **Query Details** page, click the share icon to copy the query URL to your clipboard. Send this link to other Veza users to give them direct access to the Query Details page. **Who can use the link:** * The recipient must be an **authenticated Veza user in the same tenant** * For **Public** queries: any authenticated user with a role that includes query access (Admin, Operator, Viewer, or similar) * For **Private** queries: only the query creator, users added as query owners, or users with the Admin role {% hint style="info" %} The shared link requires authentication. Recipients who are not signed in are redirected to the Veza login page. The link does not bypass access controls. {% endhint %} ### 2. Share via dashboard Add the query to a custom dashboard, then share the dashboard with other teams or via email. This is the recommended approach for making queries accessible across teams. * **Share with teams**: Requires Operator role or higher. The shared dashboard appears in the recipient team's **Shared** section. * **Share via email**: Available to any role. Sends a notification email with a link to view the dashboard. See [Dashboard Sharing](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/dashboards/dashboard-sharing) for full details. {% hint style="info" %} When a dashboard is shared with a team, users in that team can view all queries on the dashboard, scoped to their integration access. No separate query-level permission changes are needed. {% endhint %} ### 3. Share results via Remediate From the **Query Details** page, click **Remediate** to send query results directly to a Slack channel or email recipients. {% tabs %} {% tab title="Share via Slack" %} 1. Click **Remediate** and select **Share via Slack**. 2. Select one or more configured Slack Veza Actions. 3. Optionally add a note. 4. Click **Send**. The query results are posted to the selected Slack channel(s). Requires at least one configured Slack Veza Action under **Settings** > **Notifications**. See [Remediate via Slack](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/remediation-actions/remediation-slack). {% endtab %} {% tab title="Share via Email" %} 1. Select specific rows in the query results table. 2. Click the share icon and select **Share via Email**. 3. Select email recipients, add an optional subject and note. 4. Click **Send**. {% endtab %} {% endtabs %} {% hint style="warning" %} Sharing via Remediate requires the **Query Remediation** feature to be enabled for your tenant, and the Remediate permission held by Admin, Operator, Access Reviews Admin, and NHI Security Admin roles. {% endhint %} ### 4. Export results Download or schedule delivery of query results as a file: | Export method | Format | Description | | ---------------------------------- | ------------------------- | ------------------------------------------------------------------------------------------- | | **Save Results as CSV** | CSV (immediate download) | Downloads the full result set immediately. Disabled when results reach 10,000 rows or more. | | **Send email with Results as CSV** | CSV attachment via email | Delivers results to your email address as a CSV attachment. | | **Export to Snowflake** | Sent to Snowflake | Sends results to a connected Snowflake database. | | **Schedule Export** | CSV via secure email link | Delivers results on a recurring schedule; links expire after 28 days. | {% hint style="info" %} **Save Results as CSV**, **Send email with Results as CSV**, and **Schedule Export** are available from both the saved query details page and Query Builder. **Export to Snowflake**, **Copy Query Spec API**, and **View Query Spec API** are only available in Query Builder. {% endhint %} See [Scheduled Exports of Query Results](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/dashboards/query-export-to-email) for details on scheduled delivery. ### Managing saved queries On the Saved Queries page, use the **Actions** button to the right of each query to choose from available actions, which include: * **Manage Rules**: Define and edit [Alert Rules](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/rules-and-alerts) for the query. * **View Alerts**: Review alert details for the query. * **Schedule Export**: Configure [Schedule Export](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/dashboards/query-export-to-email) for the query. * **Set Risk Level**: Define a [Risk Level](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/risks) for the query. * **Clone**: Create a copy of the query. * **Delete**: Remove the query. * **Open in Query Builder**: Edit the query. #### Editing saved queries Editing saved queries allows you to refine and customize your security assessments as your environment evolves, and ensure that your security insights remain relevant and accurate over time. You might edit a query to: * Adjust filters to include or exclude specific entities * Modify the query scope as new integrations are added * Update risk levels or alert conditions * Fine-tune the query for better performance or more targeted results To edit a saved query: 1. Open the **Access Visibility** > **Queries** page and find a query you want to edit or act on. 2. Click on the query name to edit it in [Query Builder](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/search/query-builder). 3. Make any changes and click *Save* to finish saving the query. Use the Query Builder *Save* menu to perform specific actions for the query: ![Saved query options](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-5f342ace174d864c14e13ac3f99defa8fbbeb5dd%2Fsave-query-options.png?alt=media) * **Quick Save**: Quickly save any new filters without changing other settings. * **Save as New**: Copy this query to modify it while preserving the original. * **View Details**: Show configuration details and metadata for this saved query. * **Edit Configuration**: Modify the basic settings of this query, including name, description, and **visibility** (Private or Public). Setting a query to Public makes it visible to all authenticated users in your tenant. Note that Public queries **cannot be changed back to Private**. * **Edit Rules**: Configure or modify alert rules associated with this query. * **Edit Dashboards**: Add this query to dashboards or remove it from dashboards it's currently part of. * **Save Results as CSV**: Download the current query results as a CSV file. Disabled when results reach 10,000 rows or more. * **Send email with Results as CSV**: Deliver results to your email address as a CSV attachment. * **Export to Snowflake**: Send the query results to a connected Snowflake database. * **Schedule Export**: Set up an automated, recurring export of this query's results. * **Copy Query Spec API**: Copy the API specification for this query for use with the Veza Query Builder API. * **View Query Spec API**: Display the API specification for this query for reference or debugging. ### Viewing saved query results Veza offers different ways to view and analyze saved query results, each suited to different use cases. We recommend starting with the Query Details view for a quick, accessible overview of your results. From there, you can dive deeper into other views as needed for more detailed analysis. You can access each view using the **Actions** menu on the **Saved Queries** page: * **Query Details**: A simplified view of your query results, ideal for: * Quick overviews of key findings * Reviewing trends and changes over time * Accessing associated risks, rules, and reports * **Query Builder**: A comprehensive, tabular view of results and query editor. Use this when you need to: * Perform detailed analysis of all entity attributes * Apply additional filters or modify the query * Export granular data for further processing * **Graph**: A visual representation of entities and their relationships. This view is best for: * Understanding complex access paths * Identifying indirect or unexpected connections * Exporting a clear picture of your security posture for stakeholders * **Trend Chart**: Shows changes in query results over time. Use this to: * Track the effectiveness of security measures * Identify patterns or anomalies in access behaviors * Generate visual reports for compliance and auditing purposes ### Assign Risk Levels to Saved Queries Assigning risk levels to saved queries can help prioritize security efforts and enhance visibility into your organization's risk landscape. By doing so, you: * Highlight critical security issues that require immediate attention * Provide context for decision-making during access reviews * Enable risk-based reporting and tracking of security improvements over time * Facilitate communication about security priorities across teams and to leadership * Automate risk-based alerting and response workflows This risk-based approach allows you to focus resources on the most significant threats to your organization's security posture, making your security operations more efficient and effective. To enable [risks](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/risks) for a query: 1. Find the query on the **Access Visibility** > **Saved Queries** page. 2. Expand the **Actions** dropdown menu and click **Set Risk Level**. 3. Use the dropdown menu to set the risk level to `None`, `Low`, `Medium`, `High`, or `Critical`. 4. Click *Save*. After defining a risk using a saved query, entities in the results will be assigned a "Low", "Medium", "High", or "Critical" risk score. The [Risk Score](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/risks) varies depending on how many queries with risks an entity is in the results of. Defining custom risks using saved queries can help reviewers make decisions during access reviews, track risk burndown, and provide visibility into your most critical identities, access controls, services, and resources. {% hint style="info" %} **Risk Exclusion**: You have several options to manage how entities appear in risk calculations: * **Mark as Exception**: Search for an entity on the **Access Intelligence** > **Risks** page, and click *Actions* > *Mark as Exception* to exclude it from a specific risk query. * **Bulk Omit**: Exclude multiple risk queries from an entity's risk score calculation at once. In **Query Details** > **Results** view, click on a risk score to view details, then click **Bulk Omit**, select the queries to exclude, and click **Omit Selection**. This is useful for eliminating false positives and refining risk accuracy. * **Query Filters**: Add filters to the original query to automatically exclude entities matching certain criteria from the results. Risk scores automatically recalculate within a few hours after making exclusions. {% endhint %} ### Assign Rules to Saved Queries Adding rules to saved queries enables automated monitoring and response to changes in your security posture. By creating rules, you can: * Get notifications when critical access patterns change * Automate the creation of access reviews for specific conditions * Trigger remediation workflows when potential risks are detected * Maintain continuous compliance with internal policies and external regulations Rules transform static queries into dynamic security controls, helping you proactively manage access risks. To assign rules to a saved query: 1. Choose *Manage Rules* from the actions dropdown menu. 2. Use the [Rule Builder](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/insights/rules-and-alerts) to define the alert details, conditions, and actions. See [Veza Actions](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/administration/administration/notifications) for more information about configuring emails, integrations, and webhooks as targets. 1. Click **Add New Rule**. 2. **Details**: Give the rule a name, description, and severity level for categorizing the rule. 3. **Conditions**: Trigger the alert based on changes in the query results, or when results have specific properties (often referred to as attributes). 4. **Action | Send Alert**: Create alerts shown on the **Rules and Alerts** page (accessible from the **Alerts** bell icon in the top toolbar), and optionally deliver them using Veza Actions. 5. **Action | Create Review**: Start a new [Review](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/access-reviews/how-to/create-access-review) from an existing review [Configuration](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/access-reviews/how-to/review-configuration).