2024.1.29
Changes in Veza release v2024.1.29
Access Intelligence
New Features
EAC-31497 Risk Scores for Authorization Graph: When showing Risks in Graph Search, a Risk Score now appears next to each entity's name for better visibility into relative risk for different entities in search results. The option to highlight risks in the Authorization Graph is renamed from Display Options > Risks to Display Options > Risk Scores.
Snowflake Data Governance Dashboard: A specialized dashboard is now available for customers using the Snowflake integration. The page offers a range of out-of-the-box insights, including visibility into changes and trends for:
Total inert users and superusers
Inert roles and super roles
Role access to data objects (schema, database, table)
Deactivated IdP users with Snowflake Access
Vulnerabilities and least-privilege anti-patterns
Enhancements
EAC-31099 Enhanced List Filters: Filters on list-type attributes now support additional operators to enable matching based on the contents of an element in the list. For these attributes (such as Okta User
MFA Factors
or GitHub UserEmails
), you can now conditionally filter results where one list item (Contains
/Does Not Contain
/Starts With
/Ends With
) the input string or matches a regular expression. This enhancement complements the existingEquals
andNot Equals
operators, which filter for exact matches across any list element.
Bug Fixes
EAC-31634: Fixed an issue causing the Query Builder Entity Type dropdown to contain values when searching for a source entity type.
Access Reviews
Enhancements
EAC-28284 Workflow Builder: The Access Reviews workflow creation modal now uses a step-by-step wizard. The new design provides a more intuitive flow for adding a description, specifying the query, and configuring email notifications and orchestration actions.
EAC-31458 Workflow Query Enhancements: Entity type groupings, used to specify combinations of entity types for workflow queries involving custom applications, are renamed for clarity when constructing queries with the Workflow builder:
All Idp Users for All Apps -> Custom Idp Users
All Applications for All Apps -> Custom Applications
All SubResources for All Apps -> Custom SubResources
All Resources for All Apps -> Custom Resources
All Users for All Apps -> Custom Users
All Roles for All Apps -> Custom Roles
All Role Assignments for All Apps -> Custom Role Assignments
All Idp Domains for All Apps -> Custom Idp Domains
All Idp Groups for All Apps -> Custom Idp Groups
All Groups for All Apps -> Custom Groups
All Permissions for All Apps -> Custom Permissions
Lifecycle Management
Enhancements
EAC-31595 Date-based Provisioning Rules: User Mapping Rules now support date-based operators to enable conditions based on attributes containing timestamps. You can now use
On or After
,On or Before
,After
, orBefore
to create rules that only (for example) provision users hired after a certain date.
Veza Integrations
Enhancements
EAC-31410 Jira Additional Fields: The details page for Jira Orchestration Actions now includes an Additional Fields tab, displaying the configured System Fields and Custom Fields.
EAC-31598 Jira Default Assignee: The Jira Orchestration Action no longer requires a Default Assignee to enable the integration. Leaving this value blank will set
Unassigned
on created issues.EAC-31703 Okta Audit Logs: When using OAuth credentials for the Okta integration, granting the
okta.logs.read
scope now allows Veza to gather information about System Log entries in the Okta organization, and use activity data to enable incremental extraction.EAC-31642 AWS Condition Parsing: Veza now evaluates when
aws:userid
IAM policy condition keys restrict access to resources, and shows the appropriate effective permissions for the authorization path.
Last updated