How to use the query details view, saved queries overview, and full query builder to review and explore SoD risks.
Last updated
Was this helpful?
You can use the Separation of Duties overview page to view queries and add new ones.
To manage and edit Separation of Duties queries:
On the main Veza navigation, open the Separation of Duties overview page.
Use the overview to review all queries created using the Separation of Duties query builder. To find built-in queries, filter by the Separation of Duty label.
Expand the action menu (⠇) to the right of each row to choose an action:
View query details: See configured rules, alerts, reports, and an overview of the results.
Open in Analysis: Open the query to edit conditions on the Separation of Duties (SoD) page.
View Trend Chart: Save a visualization of the changes over a selected time.
Clone Query: Make a copy of the SoD violation for further editing.
Delete Query: Delete the query.
Manage Rules: Configure rules to trigger alerts and run orchestration actions.
Schedule Export (Early Access): Export the current results from Veza to an external database.
Set Risk Level: Set whether query results are considered low, medium, high, or critical risks.
Clicking on a query on the Separation of Duties overview opens the full details view, including a simplified table of the current results and a trend chart showing changes over time. The details view shows all individual users in the query results, with the option to show or hide columns displaying each user attribute.
Switch between tabs in the Details view to review information about the query:
Results: Use this tab to visualize trends over time, review query metadata, and inspect the current query results and their attributes using a simplified table view. You can also open the search in Query Builder or Graph for further analysis.
Risks: If the query has a Risk Level, you can use this tab to get detailed information about when new violations were detected, delegate risk assignees, and add notes.
Alerts: If Alert Rules are enabled for the query, events for triggered alerts are listed here. If webhooks are configured for automation, you can use this page to review the action status and any error message.
Rules: Use this page to quickly review, add, and delete any rules configured for the query.
Reports: Use this page to check if the query is included in Reports or Dashboards, with options to open or clone any report.
Opening a Separation of Duties query in the Access Intelligence Query Builder shows more details about each user in violation of the SoD rule.
While the Query Details view is intended to provide a quick overview of results, the full Query Builder can provide additional insight into the conflicting roles to help identify the appropriate remediation steps.
By default, opening an SoD query in Query Builder will list all users in the results, with one row for each user:
You can alter the query to return a row for each unique user-to-destination relationship. When Show [Destination Entities] is enabled, the results include the permissions, roles and resources triggering the SoD violation:
Using the Show Summary Entities option, you can get additional visibility into hierarchical groups, roles, or other access controls that enable the access described in a row. See Intermediate Entities for more details about inspecting authorization paths in Query Builder.
