- Snapshot user access when a review is started
- Scope access campaigns intelligently with natural language or a query builder
- Automatically assign reviews for managers, resource owners or admins to review in a self-service way
- Send custom instructions and bulk reminders all without leaving Opal
- Generate a report to summarize all actions for audit purposes
Requirements
You must have the Opal Auditor or Opal Admin role to create an access campaign, and be on versions1.1176.0 or later to view the new interface. To learn more about the roles in Opal, see our page on role capabilities.
Creating an Access Campaign
Navigate to the Access Campaigns tab and click + Campaigns in the top left corner.Scoping a Campaign
Define the scope of your campaign by using natural language input or adding a Principal, Asset, and/or Edge filter in the query builder.
| Filter type | Description | Conditions supported |
|---|---|---|
| Principal | Entities that have access to an asset (e.g. User, Resource, Groups) | • Principal • Principal Type • Principal Item Type • Principal Name ( string match)• App (Entities managed by specific integration) • Principal Tag |
| Asset | What principals have access to (e.g. Resource, Groups) | • Asset • Asset Type • Asset Item Type • Asset Name ( string match)• App (Entities managed by specific integration) • Asset Tag |
| Edge | Relationship between Principal and Asset | • Role Name (exact string match)• Role Remote ID • Access Duration Type (Permanent or Time-bound) |
- All users who have Github Repo admin access
- All permanent AWS RDS cluster or GCP project Access
- All groups that have access to Figma or Retool
- All users who have access to resources tagged SOX
Set Reviewer Assignment Policy
Select a reviewer assignment policy from the dropdown. The preview table updates automatically to reflect your selection.
Configure your draft
After you click Create, your access campaign enters Draft mode. This allows you to edit reviewer assignments, add general information, and configure specific controls before you launch it to your reviewers.When you click Create, Opal takes a snapshot of the access relationships between principals and assets in your campaign. Any access changes that occur after this point won’t be reflected in the campaign.For example, if Jane’s GitHub role changes from admin to read-only after you click Create, the campaign will still show her original admin role.
Reviewer Assignment
Open the Reviews tab to manually edit reviewer assignments. Use multi-select, grouping, filtering, and sorting to bulk-assign reviews to one or more reviewers.

