# Release Notes: 2025-08-06

## Access Reviews

### Enhancements

* **FR-3231, EAC-47123 & EAC-47124 Default "Group By" Configuration**: Added a global setting to configure a default "group by" column and collapse/expand behavior in the Reviewer Interface. Administrators can now set a default "group by" column (such as Source, Destination, or Risk Level) both globally and per review configuration. When reviewers open an applicable review, rows are automatically grouped according to this setting. The setting is currently configurable via API.
* **FR-3449, EAC-48679 Column Visibility Settings**: Administrators can now use the **Admin** > **Manage Columns** option within specific Reviews to fully disable certain columns from being available to reviewers. This will fully remove those columns from availability in the Reviewer Interface, as opposed to the existing option to hide specific columns by default.
* **EAC-35845 Schedule Set Usability**: The optional **Schedule Set** indicator column for the Review Configurations table can now be dragged and repositioned for better visibility.
* **FR-3823, EAC-50190 Auto-revocation Email Notification Control**: To prevent excessive notifications for auto-revocation triggered by Access Reviews, automatic emails are now disabled unless explicitly configured in Access Request Settings.
  * Previously, all Access Request events (creation, completion, failure, etc.) automatically generated emails to approvers, creators, beneficiaries, and watchers regardless of configuration, in addition to notifications triggered by Access Reviews events.
  * Existing customers with configured Access Requests global settings will maintain their current notification behavior. New Access Requests configurations must explicitly enable default notifications in Access Request Settings.

## Access Intelligence

### Enhancements

* **EAC-50515 Critical Risk Level Default Filter**: Updated all system dashboards to automatically preselect the "Critical" risk level filter upon user login. This is intended to help prioritize the most important security findings by default, so users can focus on high-priority access risks without manual filter configuration.
* **FR-1860, EAC-49245 Enhanced Dashboard Sharing for Teams and Email Recipients**: Users can now share custom dashboards with specific teams through a new modal interface. This includes support for email sharing with customizable recipients, subjects, and notes, as well as direct team sharing. When sharing a dashboard with a team, you can now preview if any teams will have limited access to restricted queries or integrations.

## Access Hub

### Enhancements

* **EAC-50256 Manager Visibility Configuration**: Enhanced the **My Team** view in **Access Hub** with configurable filtering options for Non-Human Identities (NHI) and contractors. Administrators can now optionally specify a property and property values to exclude specific workers (such as contractors) from a manager's direct reports, and optionally hide NHI accounts from a manager's direct reports.

## Access Visibility

### New Features

* **FR-3391, EAC-48709 Query Diff View**: You can now view change history for Segregation of Duties (SoD) and other queries, enabling a before-and-after view of the changes to the query conditions and other metadata, such as query name, description, risk level, etc.
* **EAC-49974 Query Builder Relationship Direction Control**: Added direction options to Query Builder Advanced Options. You can now specify whether your query results will show incoming relationships (entities pointing toward the source), outgoing relationships (entities the source points to), or any direction (default).
* **FR-3281, EAC-48546 Permission Summarization Across Resources**: Enhanced Query Builder to automatically display columns summarizing Effective and System permissions when using the "Relates To" option to show destination entities. This change provides a better view into raw permissions and effective access for source entities. The Query Builder API now supports a new `include_permission_summary` parameter for queries of type `SOURCE_NODES_WITH_COUNTS`.

## Lifecycle Management

### New Features

* **FR-3691, EAC-48038 Custom Attribute Transformer Functions**: Added support for using Custom Attribute Transformer functions within Lifecycle Management Policies. This enables administrators to create reusable, custom transformation logic that can replace complex pipelines of built-in transformers.
  * For example, a custom transformer named `$CLEAN` can be defined within a policy version and used as `{first_name | $CLEAN}`.
  * In this example, `$CLEAN` might resolve to a series of pipelined transformer functions like `| ASCII | LOWER | REMOVE_CHAR, ".@,"`.
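
A simplified model of the expansion described above, added here as an illustration and not Veza's implementation: it resolves `$CLEAN` into its built-in stages and rejects undefined or self-referencing custom transformers instead of passing the value through unnormalized. The behaviour of `ASCII`, `LOWER` and `REMOVE_CHAR`, the function names, the nesting limit and the sample attribute are assumptions.

```python
import re
import unicodedata

def ascii_fold(value):
    # Assumed ASCII behaviour: fold accents, drop remaining non-ASCII.
    folded = unicodedata.normalize("NFKD", value)
    return folded.encode("ascii", "ignore").decode("ascii")

# Simplified stand-ins for the built-ins named above (assumed semantics).
BUILTINS = {
    "ASCII": ascii_fold,
    "LOWER": str.lower,
    "REMOVE_CHAR": lambda v, chars: "".join(c for c in v if c not in chars),
}

# Split on "|" only when it is outside double quotes.
PIPE = re.compile(r'\|(?=(?:[^"]*"[^"]*")*[^"]*$)')

def expand(pipeline, custom, depth=0):
    """Flatten a pipeline string into (name, args) stages, resolving $NAME."""
    if depth > 5:
        raise ValueError("custom transformer nesting too deep (cycle?)")
    stages = []
    for stage in filter(None, (s.strip() for s in PIPE.split(pipeline))):
        name, _, rest = stage.partition(",")
        name, args = name.strip(), re.findall(r'"([^"]*)"', rest)
        if name.startswith("$"):
            if name not in custom:
                raise ValueError(f"undefined custom transformer {name}")
            stages += expand(custom[name], custom, depth + 1)
        elif name in BUILTINS:
            stages.append((name, args))
        else:
            raise ValueError(f"unknown transformer {name}")
    return stages

def render(template, attrs, custom):
    """Evaluate a template such as '{first_name | $CLEAN}'."""
    m = re.fullmatch(r"\{\s*(\w+)\s*(\|.*)?\}", template)
    if not m:
        raise ValueError("unsupported template")
    value = attrs[m.group(1)]
    for name, args in expand(m.group(2) or "", custom):
        value = BUILTINS[name](value, *args)
    return value

CUSTOM = {"$CLEAN": '| ASCII | LOWER | REMOVE_CHAR, ".@,"'}
SAMPLE = {"first_name": "José.Ma@ría,"}  # constructed sample attribute
```
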

### Bug Fixes

* **EAC-50596**: Fixed an issue where Lifecycle Management "Sync Identities" operations were failing for Okta users due to missing login information in update requests.

## Non-Human Identity (NHI) Security

### Enhancements

* **EAC-50051 Okta App User Identity Type Classification**: Improved Okta App User identity classification to inherit the identity type from the Okta App User's corresponding Okta User account. When an associated Okta User exists, the App User now automatically adopts the same identity type classification (human or non-human). For App Users without corresponding Okta User accounts, the system defaults to marking them as human identities.

## Veza Integrations

### New Features

* **EAC-44606 Neptune Database for AWS**: The AWS integration now discovers and extracts Neptune Global Databases, Clusters, and Instances, for visibility into graph database infrastructure and access patterns. Note that Neptune discovery requires additional `rds:DescribeGlobalClusters` permission in your AWS-Veza connector policy.
* **EAC-51176 Cassandra**: Added secure TLS connection support to the Cassandra integration with configurable encryption settings. You can now enable/disable TLS connections and opt to use a custom Certificate Authority (CA) certificate.

### Enhancements

* **FR-3738, EAC-49275 AWS**: Veza now discovers and shows system and effective permissions for AWS IAM Access Keys.
* **EAC-50604 & EAC-50672 Enhanced User Status Handling**: Improved accuracy of user account status detection for identity provider users:
  * The Okta integration now treats "SUSPENDED" users as inactive alongside the existing "DEPROVISIONED" status.
  * Google Workspace Users with the "Archived" and "Suspended" account states are now marked as inactive.

### Bug Fixes

* **EAC-50011 Azure AD**: Fixed an issue affecting Azure AD Group membership extraction for Service Principals that caused group memberships to be missing from extracted data due to a Microsoft Graph API issue #25984.
* **EAC-49673 SQL Server**: Updated logic for linking Active Directory users to SQL Server users using SID.
* **EAC-50613 Snowflake**: Removed account name filtering during Snowflake discovery.

