Veza Product Update – June 2023

At Veza, we continuously deliver new features and enhancements to meet customer needs and bring you our latest product innovations. To help keep track of the many changes over the past month, we’ve compiled a summary of all the latest improvements from our most recent releases.

Search and Insights

Segregation of Duty (SoD) Analysis (Early Access): The Insights > Analysis page now includes an additional section for creating queries with complex “and”/“or” statements and condition groupings. This query mode can identify users that can assume different roles (such as conflicting roles that violate business rules for separation of duties). It can also identify users that can have conflicting effective permissions to more than one type of resource (SaaS apps, data systems, cloud services, infra services, IAM systems, etc.).

Query Builder: Show or Hide Nested Relationships (Early Access): It is now possible to hide results that are indirectly accessible due to hierarchical relationships, such as AWS IAM Roles assumed by another role, or Azure AD Groups belonging to a parent group. The toggle to show or hide indirect access appears under Advanced Options > Relationship Options > Show Assumed. This option only appears when the source or destination entity type can be nested.

Edit report owners: Report creators can now share reports and enable other Veza users (such as app, data, identity, and security teams) to edit them by adding or removing owners in Edit Mode. Owners are now listed next to report titles on the Reports page. Private reports are only visible to the creator and any users added as owners.

Rules for Saved Queries: The Saved Queries page now includes a tab for creating and managing Rules based on their underlying saved queries. You can use this view to see whether a query has rules associated with it, create new rules, and review the condition and severity of any active rules.

New filter operators: Attribute filters can now specify Exists and Not Exists operators, allowing searches to only return results based on the presence or absence of a value for a specified property.

Saved Query Improvements: When saving a query, you are now able to apply an existing assessment label or create a new one. When saving a query and adding it to a report, you can now choose a report section for the query.


AWS Secrets Manager: Veza now supports User and Role permissions on secrets contained within AWS Secrets Manager. New entity types Secrets Manager Service and Secrets Manager Secret are now discovered for any integrated AWS account. Veza also discovers Secret attributes such as last rotated and last accessed dates. Plus:

  • New out-of-the-box assessment queries: AWS Secrets Manager secrets that haven’t been rotated for 90 days.
  • Note that the integration trust policy now includes the secretsmanager:ListSecrets action. You should update your policy within AWS to avoid warnings, or edit the integration and choose Limit AWS Services > Secrets Manager.
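The 90-day rotation check described above can be reproduced outside the product; this is an added example, not Veza's query or code. It assumes input shaped like the `SecretList` array from `aws secretsmanager list-secrets` with ISO 8601 timestamps, uses constructed sample data, and treats a never-rotated secret as being as old as its `CreatedDate` (an assumption of this example).

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # threshold named in the assessment query

# Constructed sample shaped like the SecretList array returned by
# `aws secretsmanager list-secrets` (ISO 8601 timestamps assumed).
SAMPLE_SECRETS = [
    {"Name": "prod/db/password", "RotationEnabled": True,
     "CreatedDate": "2022-01-10T09:00:00+00:00",
     "LastRotatedDate": "2023-05-20T09:00:00+00:00",
     "LastAccessedDate": "2023-06-14T00:00:00+00:00"},
    {"Name": "legacy/api-key", "RotationEnabled": False,
     "CreatedDate": "2021-03-01T12:00:00+00:00",
     "LastAccessedDate": "2023-06-01T00:00:00+00:00"},
    {"Name": "batch/sftp-key", "RotationEnabled": True,
     "CreatedDate": "2022-06-01T08:00:00+00:00",
     "LastRotatedDate": "2023-01-02T08:00:00+00:00"},
    {"Name": "new/service-token", "RotationEnabled": False,
     "CreatedDate": "2023-06-01T08:00:00+00:00"},
]

def stale_secrets(secrets, now, max_age=MAX_AGE):
    """Return (name, age_days, reason) for secrets whose value is older than max_age."""
    findings = []
    for s in secrets:
        rotated = s.get("LastRotatedDate")
        # A secret that was never rotated has no LastRotatedDate; treat its
        # value as being as old as the secret and fall back to CreatedDate.
        basis = rotated or s["CreatedDate"]
        age = now - datetime.fromisoformat(basis)
        if age > max_age:
            reason = "rotation overdue" if rotated else "never rotated"
            findings.append((s["Name"], age.days, reason))
    # Oldest first, so the longest-lived credentials are reviewed first.
    return sorted(findings, key=lambda f: f[1], reverse=True)

if __name__ == "__main__":
    as_of = datetime(2023, 6, 15, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for name, days, reason in stale_secrets(SAMPLE_SECRETS, as_of):
        print(f"{name}: {days} days ({reason})")
```
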

Confluence Cloud: A new connector is available for discovering user and group access to Spaces in Confluence. Veza can show when Spaces allow unlicensed access or anonymous access, and when users are external collaborators.

Windows Servers: A new connector is available for discovering local users and groups, scheduled tasks, and services running on Windows servers.

Configurations v2 (Early Access): The Veza Configuration pages have been completely overhauled for more streamlined integration management and improved visibility into the status of your integrations. Please contact the Veza support team if you would like to preview the new user experience before it becomes generally available for all users.

All our latest Veza integrations can be found here. If you don’t see an integration that meets your needs, please reach out – we are building new integrations as fast as we can and would love to hear about your priorities.

Veza Workflows

Mobile improvements:

  • Reviewers on mobile devices can now use the Approve and Sign-Off action.
  • Reviewers accessing Certifications on mobile devices can now Re-assign Reviewers.

Usability improvements:

  • The grace period for marking expired Certification results as Fixed after the Certification expires (default 7 days) is now configurable by the Veza support team.
  • Certifications now indicate the total number of result rows even when filtered or split across multiple pages.

Improved performance when:

  • Creating certifications and loading certification results when auto-assignment of reviewers and self-review prevention is turned on.
  • Creating 100+ certifications in parallel.
  • Sorting certification results.
  • Working with reviews with millions of certification rows, thousands of access reviewers, and hundreds of concurrent access reviewers.

Veza Product Design and Usability

Permissions filters for Workflows, Graph, and Query Builder: We’ve improved filtering by permissions to provide a more uniform experience across all Veza search interfaces. You can now choose an effective (create, read, update, delete) or system-level permission to filter on.

Improved Graph visualization for “deny” relationships: Paths connecting entities resulting from policies that prevent access are now highlighted in red in Graph search results. Previously, these relationships were only color-coded in Explain Effective Permissions mode.

Risks usability: When using the Manage Exceptions action to add or remove several exceptions for a risk query at a time, a type column now indicates whether each result is currently an exception or a risk.

Collapsible search sidebar: You can now click to show or hide the left sidebar in Graph Search, Query Builder, and when creating a Workflow.
