Access Reviews for SoD
Create and manage access reviews directly from Separation of Duties queries.
Overview
Veza supports creating access reviews directly from Separation of Duties (SoD) queries. This can enable a streamlined sign-off and remediation process when users with conflicting entitlements are detected. There are two primary methods for integrating SoD with Veza Access Reviews:
1-Step Access Reviews: Create an immediate review of current SoD query results
On-demand Access Reviews: Schedule recurring reviews, or trigger a review whenever SoD results change
Both options provide ways to assign SoD conflicts to the appropriate reviewers for approval, rejection, and remediation. User access reviews can be used as documentation to capture the review of SoD results.
Note that users need the Administrator or Operator root team role to create Access Reviews.
1-Step Access Reviews
Use the 1-Step review creation workflow to create an access review with the latest query results. This is ideal for quickly acting on conflicting users, without creating a full configuration for on-demand or scheduled reviews.
For any saved query in Veza, you can open the query to view details, and expand the ⠇ menu in the top right corner to view query actions. Choose the Launch Access Review option to create a review using the 1-step builder.
You can launch an access review directly from the Separation of Duties overview page:
Open the Separation of Duties page and locate the query you want to review
Open the "Actions" dropdown menu and select "Launch Access Review"
Configure the review:
Review name: Enter a descriptive name for the review
Due date: Set the deadline for review completion
Reviewers: Assign default reviewers for all rows
Auto-assign reviewers: Optionally enable automatic assignment based on Veza metadata
Fallback reviewers: Specify reviewers to use when auto-assignment fails
Second-level Reviewers: Optionally require multi-level approval, if applicable
Access Intelligence: Enable display of risk scores and levels in the reviewer interface
Choose to either:
Create and Publish: Make the review immediately available to assigned reviewers
Create: Save a draft review to preview and customize before publishing
After creation, you can manage the review through the Access Reviews interface. If created as a draft, you can make further adjustments to the review before publishing it and notifying reviewers.
On-demand Access Reviews
On-demand reviews can be triggered by rule conditions when SoD query results change, such as when new conflicts are detected, or when the total number of conflicts (the query results) exceeds a threshold. On-demand reviews use alert rules to initiate reviews from an existing review configuration and auto-assign reviewers, using the query results at the time the rule is activated.
To enable on-demand reviews:
Create a Review Configuration. Choose to use a saved query to define the review scope, select your SoD query, and save the configuration.
On the Separation of Duties overview page, locate the SoD query for on-demand reviews
Open the "Actions" dropdown menu and select "Manage Rules"
Click "Add a new Rule" to open the rule builder
Configure the rule:
Name and describe the rule
Set the severity level
Define trigger conditions (e.g., results increase by more than one)
As the Action, choose "Create Review"
Configure the on-demand review plan:
Select a review configuration for the SoD query
Set the review duration
Specify reviewer assignment options, if available
Configure any review intelligence rules
Save the rule, and click "Save Query" to finalize the changes
When the rule conditions are met, Veza will automatically create a new access review with the specified settings, and notify the assigned reviewers.
See On-Demand Reviews for more information about using alerts and rule conditions to create access reviews.
Scheduling Reviews
To conduct recurring reviews on a schedule, you will first need to create a review configuration. You can create a review configuration using the SoD query, and then enable scheduled reviews for the configuration.
Create a Review Configuration. Choose to use a saved query to define the review scope, select your SoD query, and save the configuration
On the Access Reviews > Configurations page, find the new configuration and choose Actions > Create Schedule
Set the Duration of created reviews
Choose the Frequency: Weekly, Biweekly, Monthly, Every other Month, or Quarterly
Choose a Start Date for the schedule
Choose the days of the week, time of day, and time zone to create reviews
Assign default reviewers
Save the schedule
See Schedule an Access Review for more details.
Managing Reviews
All reviews created from SoD queries, whether 1-Step or on-demand, are managed through the Access Reviews interface. From there, operators can:
Monitor review progress
Modify reviewer assignments if needed
Send reminders to reviewers
View decision history
Export review results
See the Access Reviews documentation for more information on managing reviews, including reviewer assignment, decision-making workflows, and reporting capabilities.
Integration with Access Reviews Features
Reviews generated from SoD queries support all standard Access Reviews features, including:
Email notifications and Digest Emails for assignments and reminders
Multi-level approval workflows
Integration with identity providers for reviewer auto-assignment