Access Reviews for SoD
Create and manage access reviews directly from Separation of Duties queries.
Veza supports creating access reviews directly from Separation of Duties (SoD) queries. This can enable a streamlined sign-off and remediation process when users with conflicting entitlements are detected. There are two primary methods for integrating SoD with Veza Access Reviews:
1-Step Access Reviews: Create an immediate review of current SoD query results
On-demand Access Reviews: Schedule recurring reviews, or create reviews whenever SoD results change
Both options provide ways to assign SoD conflicts to the appropriate reviewers for approval, rejection, and remediation. User access reviews can be used as documentation to capture the review of SoD results.
Use the 1-Step review creation workflow to create an access review with the latest query results. This is ideal for quickly acting on conflicting users, without creating a full configuration for on-demand or scheduled reviews.
For any saved query in Veza, you can open the query to view details, and expand the ⠇ menu in the top right corner to view query actions. Choose the Launch Access Review option to create a review using the 1-step builder.
You can launch an access review directly from the Separation of Duties overview page:
Open the Separation of Duties page and locate the query you want to review
Open the "Actions" dropdown menu and select "Launch Access Review"
Configure the review:
Review name: Enter a descriptive name for the review
Due date: Set the deadline for review completion
Reviewers: Assign default reviewers for all rows
Auto-assign reviewers: Optionally enable automatic assignment based on Veza metadata
Fallback reviewers: Specify reviewers to use when auto-assignment fails
Second-level Reviewers: Optionally require , if applicable
Access Intelligence: Enable display of risk scores and levels in the reviewer interface
Choose to either:
Create and Publish: Make the review immediately available to assigned reviewers
Create: Save a draft review to preview and customize before publishing
After creation, you can manage the review through the Access Reviews interface. If created as a draft, you can make further adjustments to the review before publishing it and notifying reviewers.
On-demand reviews can be triggered by rule conditions when SoD query results change, such as when new conflicts are detected or when the total number of conflicts (the query results) exceeds a threshold. On-demand reviews use alert rules to initiate reviews and auto-assign reviewers according to an existing review configuration, using the query results at the time the rule is activated.
To enable on-demand reviews:
On the Separation of Duties overview page, locate the SoD query for on-demand reviews
Open the "Actions" dropdown menu and select "Manage Rules"
Click "Add a new Rule" to open the rule builder
Configure the rule:
Name and describe the rule
Set the severity level
Define trigger conditions (e.g., results increase by more than one)
As the Action, choose "Create Review"
Configure the on-demand review plan:
Select a review configuration for the SoD query
Set the review duration
Specify reviewer assignment options, if available
Configure any review intelligence rules
Save the rule, and click "Save Query" to finalize the changes
When the rule conditions are met, Veza will automatically create a new access review with the specified settings, and notify the assigned reviewers.
To conduct recurring reviews on a schedule, you will first need to create a review configuration. You can create a review configuration using the SoD query, and then enable scheduled reviews for the configuration.
On the Access Reviews > Configurations page, find the new configuration and choose Actions > Create Schedule
Set the Duration of created reviews
Choose the Frequency: Weekly, Biweekly, Monthly, Every other Month, or Quarterly
Choose a Start Date for the schedule
Choose the days of the week, time of day, and time zone to create reviews
Assign default reviewers
Save the schedule
All reviews created from SoD queries, whether 1-Step or on-demand, are managed through the Access Reviews interface. From there, operators can:
Monitor review progress
Modify reviewer assignments if needed
Send reminders to reviewers
View decision history
Export review results
Reviews generated from SoD queries support all standard Access Reviews features, including:
Create a . Choose to use a saved query to define the review scope, select your SoD query, and save the configuration.
See for more information about using alerts and rule conditions to create access reviews.
See for more details.
See the for more information on managing reviews, including reviewer assignment, decision-making workflows, and reporting capabilities.
and for assignments and reminders
workflows
Integration with identity providers for