2024.2.19

Changes in Veza release v2024.2.19

Access Reviews

New Features

  • EAC-31673 Edit Review Configuration: Administrators and operators can now edit an existing Review Configuration to update the original query, or customize reminders and orchestration actions. To modify a Configuration, click its name on the Review Configurations page to view details, then click Edit.

Bug Fixes

  • EAC-32007: Fixed an issue where the full information was not shown when hovering over cells in Reviews containing long strings of text.

  • EAC-32488: Fixed a "Resource Not Found" error that could occur when attempting to load a Review.

Veza Integrations

Enhancements

  • EAC-31842 Okta Group Rules: Veza now parses Okta group rules used to assign permissions based on user attributes or other group memberships. A new Okta Group Rule entity connects Okta Users and Okta Groups in Authorization Graph, shown when activating Relationship Options > Advanced View.

  • Box Effective Permissions: Veza now shows effective permissions for Box roles directly to resources. Before, these were shown only for User > Resource. Relationships between users and home folders are now shown only in System query mode.

  • EAC-32089 AWS Identity Center Account-level Permission Sets and Role Trust Policy Evaluation: The AWS Identity Center integration now supports account-level granularity for Permission Set assignments. Principals assigned to a Permission Set are now connected to a new AWS IAM Identity Center Permission Set Account entity for each account, reflecting specific assignments. Additionally, Veza evaluates the Trust Policy of corresponding provisioned IAM Roles in each account, which can limit an Identity Center principal's ability to assume the role. This will result in more accurate Effective Mode queries involving Identity Center principals and IAM Roles.

    • Note 1: On upgrade, Veza will re-parse all AWS Identity Center data sources to apply the new Permission Set Account nodes. Until this process is complete, Authorization Graph or Query results involving AWS Identity Center may be temporarily invalid.

    • Note 2: Queries involving the old AWS IAM Identity Center Permission Set entity type are updated to use the new type. Some queries may no longer be valid due to schema changes and will return an error upon execution.

  • EAC-21030 AWS Unsupported Condition Property: Added a boolean property Unsupported Condition to AWS Policy Statement entities indicating when the Policy Statement includes an unsupported condition, possibly impacting the accuracy of access shown in Veza.
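The sketch below is an added example, not Veza's implementation, showing how the two AWS items above interact. It checks whether a role's trust policy lets an Identity Center SAML provider assume the role, and raises a flag when a matching statement carries a condition the evaluator does not understand. The account ID, provider name, function names and the set of "supported" conditions are assumptions made for illustration.

```python
import json

# Constructed sample: a trust policy in the shape AWS gives roles provisioned by
# IAM Identity Center. The account ID and provider name are placeholders.
SAML_PROVIDER = "arn:aws:iam::111122223333:saml-provider/AWSSSO_EXAMPLE_DO_NOT_DELETE"
SIGNIN_AUD = "https://signin.aws.amazon.com/saml"
TRUST_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"Federated": "arn:aws:iam::111122223333:saml-provider/AWSSSO_EXAMPLE_DO_NOT_DELETE"},
  "Action": ["sts:AssumeRoleWithSAML", "sts:TagSession"],
  "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}}
}]}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def condition_supported(condition):
    # Assumption of this sketch: only "no condition" and the standard SAML:aud
    # check are understood; anything else is reported rather than guessed at.
    return condition in ({}, {"StringEquals": {"SAML:aud": SIGNIN_AUD}})

def evaluate_trust(policy, provider_arn):
    """Return (can_assume, unsupported_condition) for a SAML provider ARN.

    NotPrincipal and NotAction are outside the scope of this sketch.
    """
    allowed = denied = unsupported = False
    for stmt in as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        federated = as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if principal != "*" and provider_arn not in federated:
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if not any(a in ("sts:assumerolewithsaml", "sts:*", "*") for a in actions):
            continue
        if not condition_supported(stmt.get("Condition", {})):
            unsupported = True  # verdict below may be inaccurate; flag it
        if stmt.get("Effect") == "Deny":
            denied = True  # an explicit Deny always overrides an Allow
        elif stmt.get("Effect") == "Allow":
            allowed = True
    return allowed and not denied, unsupported

if __name__ == "__main__":
    print(evaluate_trust(TRUST_POLICY, SAML_PROVIDER))
```

A result with the second value set to true is the case to review by hand, since the access verdict depends on a condition that was not evaluated.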

Bug Fixes

  • EAC-31991: Fixed an issue causing some integrations (such as UKG Pro) to not appear on the list of filterable provider types.
