# DevRev

## Overview

DevRev is a customer relationship management (CRM) platform that unifies customer support, product development, and business operations.

The Veza integration for DevRev enables visibility into identity and access management by discovering users, groups, roles, and permissions. This integration enables organizations to:

* Map access across users, groups, and role assignments within DevRev
* Analyze role-based access control with conditional access
* Track field-level permissions with read/write granularity
* Identify accounts with elevated privileges and custom conditions

See [Notes and supported entities](#notes-and-supported-entities) for details on discovered data.

## Prerequisites

To configure the integration, you will need:

* **Network connectivity**: Connection from Veza to DevRev via a [deployed Insight Point](/4yItIzMvkpAvMVFAamTf/integrations/connectivity/insight-point.md) or direct connection
* **Personal Access Token**: A DevRev PAT created by a user with **organization admin access** (or equivalent permissions to view users, groups, roles, and access control settings)

{% hint style="info" %}
DevRev PATs inherit all permissions from the user who creates them. There are no configurable scopes. The token has the same access as the creating user. For the Veza integration to discover identity and access data, the PAT must be created by a user who can view organization members, groups, roles, and access control configurations.
{% endhint %}

## Configuring DevRev

### Creating a Personal Access Token

Create a Personal Access Token (PAT) in DevRev. The PAT must be created by a user with organization admin privileges or equivalent access to view users, groups, roles, and access control settings.

For detailed instructions on creating and managing Personal Access Tokens, see the [DevRev authentication documentation](https://developer.devrev.ai/about/authentication).

{% hint style="info" %}
DevRev PAT values cannot be retrieved after creation. Use a descriptive name (e.g., "Veza Integration") to differentiate between multiple PATs.
{% endhint %}

{% hint style="warning" %}
Store the PAT securely. The token inherits all permissions of the creating user, providing access to your DevRev organization's identity and access data.
{% endhint %}

## Configuring DevRev on the Veza Platform

1. In Veza, go to the **Integrations** page
2. Click **Add Integration** and search for **DevRev**
3. Click **Next** to begin configuration
4. Enter the required information (see table below)
5. Click **Create Integration** to save and start the first extraction

### Configuration options

| Field             | Required | Notes                                                 |
| ----------------- | -------- | ----------------------------------------------------- |
| **Insight Point** | Yes      | Choose default data plane or deployed Insight Point   |
| **Name**          | Yes      | Friendly name to identify this integration            |
| **Token**         | Yes      | DevRev Personal Access Token (PAT) for authentication |

## Notes and supported entities

DevRev uses a role-based access control model with role sets that contain individual roles. Each role defines privileges (create, read, update, delete, execute) and field-level permissions. Roles can have conditional access rules (caveats) that restrict when permissions apply.

### Discovered entities

Veza discovers the following entity types:

* **Users**: DevRev user accounts with profile information and email identities
* **Groups**: Teams and organizational units with membership associations
* **Roles**: Role sets containing permission assignments and conditional access rules
* **Permissions**: Privilege-based and field-level permissions derived from roles

### Key attributes

#### User

| Veza Attribute | DevRev Attribute | Notes                                     |
| -------------- | ---------------- | ----------------------------------------- |
| `Name`         | `full_name`      | Full name of the user                     |
| `Email`        | `email`          | Used for identity correlation             |
| `Display Name` | `display_name`   | User's display name                       |
| `Is Active`    | `state`          | Derived: true when state is "active"      |
| `Created At`   | `created_date`   | Timestamp when the user was created       |
| `Updated At`   | `modified_date`  | Timestamp when the user was last modified |

#### Group

| Veza Attribute | DevRev Attribute | Notes                                            |
| -------------- | ---------------- | ------------------------------------------------ |
| `Name`         | `name`           | Group name                                       |
| `Member Type`  | `member_type`    | Type classification (e.g., dev\_user, rev\_user) |
| `Updated At`   | `modified_date`  | Timestamp when the group was last modified       |

#### Role

| Veza Attribute      | DevRev Attribute | Notes                                                |
| ------------------- | ---------------- | ---------------------------------------------------- |
| `Name`              | `name`           | Role set name                                        |
| `Created At`        | `created_date`   | Timestamp when the role was created                  |
| `Updated At`        | `modified_date`  | Timestamp when the role was last modified            |
| `Has Conditions`    | —                | Derived: true if role contains caveats               |
| `Custom Conditions` | `caveats`        | Transformed to human-readable condition descriptions |

### Permissions and effective access

DevRev implements a permissions model that supports:

1. **Standard privileges**: create, read, update, delete, execute
2. **Field-level privileges**: Granular read/write access to specific fields
3. **Conditional access (caveats)**: Rules that restrict when permissions apply

Veza maps DevRev permissions to these effective permission types:

| Effective Permission | Description                                   |
| -------------------- | --------------------------------------------- |
| **Data Read**        | Read data (from `read` privilege)             |
| **Data Write**       | Modify data (from `update` privilege)         |
| **Data Create**      | Create new data (from `create` privilege)     |
| **Data Delete**      | Remove data (from `delete` privilege)         |
| **Non Data**         | Execute operations (from `execute` privilege) |

#### Permission naming

Permissions are named using the format: `target:privilege:permission_id`

For field-level permissions: `target:field_read:permission_id` or `target:field_write:permission_id`

#### Conditional access (caveats)

Roles can include conditions that restrict permission applicability:

| Condition Type | Description                                           |
| -------------- | ----------------------------------------------------- |
| `intersects`   | Target attribute contains any of the specified values |
| `eq`           | Target attribute equals the specified value           |
| `not_eq`       | Target attribute does not equal the specified value   |
| `in`           | Target attribute belongs to the specified values      |

Conditions are tracked in the role's custom properties and can be used to understand when permissions actually apply.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/devrev.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.