2024.1.29

Changes in Veza release v2024.1.29

Access Intelligence

New Features

  • EAC-31497 Risk Scores for Authorization Graph: When showing Risks in Graph Search, a Risk Score now appears next to each entity's name for better visibility into relative risk for different entities in search results. The option to highlight risks in the Authorization Graph is renamed from Display Options > Risks to Display Options > Risk Scores.

  • Snowflake Data Governance Dashboard: A specialized dashboard is now available for customers using the Snowflake integration. The page offers a range of out-of-the-box insights, including visibility into changes and trends for:

    • Total inert users and superusers

    • Inert roles and super roles

    • Role access to data objects (schema, database, table)

    • Deactivated IdP users with Snowflake Access

    • Vulnerabilities and least-privilege anti-patterns

Enhancements

  • EAC-31099 Enhanced List Filters: Filters on list-type attributes now support additional operators that match on the contents of an individual element in the list. For these attributes (such as Okta User MFA Factors or GitHub User Emails), you can now filter for results where a list item Contains, Does Not Contain, Starts With, or Ends With the input string, or matches a regular expression. This enhancement complements the existing Equals and Not Equals operators, which filter for exact matches across any list element.

Bug Fixes

  • EAC-31634: Fixed an issue causing the Query Builder Entity Type dropdown to contain values when searching for a source entity type.

Access Reviews

Enhancements

  • EAC-28284 Workflow Builder: The Access Reviews workflow creation modal now uses a step-by-step wizard. The new design provides a more intuitive flow for adding a description, specifying the query, and configuring email notifications and orchestration actions.

  • EAC-31458 Workflow Query Enhancements: Entity type groupings, used to specify combinations of entity types for workflow queries involving custom applications, are renamed for clarity when constructing queries with the Workflow builder:

    • All Idp Users for All Apps -> Custom Idp Users

    • All Applications for All Apps -> Custom Applications

    • All SubResources for All Apps -> Custom SubResources

    • All Resources for All Apps -> Custom Resources

    • All Users for All Apps -> Custom Users

    • All Roles for All Apps -> Custom Roles

    • All Role Assignments for All Apps -> Custom Role Assignments

    • All Idp Domains for All Apps -> Custom Idp Domains

    • All Idp Groups for All Apps -> Custom Idp Groups

    • All Groups for All Apps -> Custom Groups

    • All Permissions for All Apps -> Custom Permissions

Lifecycle Management

Enhancements

  • EAC-31595 Date-based Provisioning Rules: User Mapping Rules now support date-based operators to enable conditions based on attributes containing timestamps. You can now use On or After, On or Before, After, or Before to create rules that, for example, provision only users hired after a certain date.

Veza Integrations

Enhancements

  • EAC-31410 Jira Additional Fields: The details page for Jira Orchestration Actions now includes an Additional Fields tab, displaying the configured System Fields and Custom Fields.

  • EAC-31598 Jira Default Assignee: The Jira Orchestration Action no longer requires a Default Assignee to enable the integration. Leaving this value blank will set Unassigned on created issues.

  • EAC-31703 Okta Audit Logs: When using OAuth credentials for the Okta integration, granting the okta.logs.read scope now allows Veza to gather information about System Log entries in the Okta organization, and use activity data to enable incremental extraction.

  • EAC-31642 AWS Condition Parsing: Veza now evaluates when aws:userid IAM policy condition keys restrict access to resources, and shows the appropriate effective permissions for the authorization path.
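
The kind of restriction EAC-31642 refers to, as an added example (not Veza's code or evaluation logic): a simplified evaluator for a constructed deny statement that uses the `aws:userid` condition key, showing how it narrows effective access. The bucket name, IDs and the `effective_access` helper are hypothetical, Action/Resource matching is omitted, and only `StringLike` / `StringNotLike` are handled.

```python
import re

# Constructed statement: deny S3 access unless aws:userid matches a listed
# pattern. All IDs are placeholders, not real principals.
DENY_UNLESS_LISTED = {
    "Effect": "Deny",
    "Action": "s3:*",
    "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"StringNotLike": {"aws:userid": [
        "AROAEXAMPLEROLEID:*",  # any session of one role (role-id:session-name)
        "AIDAEXAMPLEUSERID",    # one IAM user, by unique ID
        "111122223333",         # the account root user (account ID)
    ]}},
}

def _like(value, pattern):
    """Case-sensitive match where * is any run of characters and ? is one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def condition_matches(condition, context):
    """True when every operator/key pair in the Condition block is satisfied."""
    for operator, keys in condition.items():
        for key, patterns in keys.items():
            patterns = [patterns] if isinstance(patterns, str) else patterns
            value = context.get(key)
            hit = value is not None and any(_like(value, p) for p in patterns)
            if operator == "StringLike":
                ok = hit          # any listed pattern may match
            elif operator == "StringNotLike":
                ok = not hit      # no listed pattern may match
            else:
                raise ValueError(f"unsupported operator: {operator}")
            if not ok:
                return False
    return True

def effective_access(userid, identity_allows=True):
    """Assumes the identity policy already allows the action; an explicit
    Deny whose condition matches overrides that Allow."""
    denied = condition_matches(DENY_UNLESS_LISTED["Condition"],
                               {"aws:userid": userid})
    return "Deny" if denied or not identity_allows else "Allow"

if __name__ == "__main__":
    for uid in ("AROAEXAMPLEROLEID:alice", "AROAOTHERROLEID00:alice",
                "AIDAEXAMPLEUSERID", "AIDAEXAMPLEUSERID2", "111122223333"):
        print(f"{uid:28} {effective_access(uid)}")
```

Two principals with identical identity policies end up with different effective permissions here, which is why the condition has to be evaluated per authorization path.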
