Organizations tend to have many resources and groups, which can clutter the UI for end users. Admins often support productivity by grouping resources that users are likely to need.

Traditionally, this curation is handled by providing "birthright" access — proactive authorization that saves time, but doesn't maintain security.

Admins should be able to create collections of resources and groups, contextualized by anticipated usage, without over-provisioning access.

Opal's bundle construct

Bundles provide an alternative to the historic separation of "birthright" default access and just-in-time access, and its inherent productivity vs. security tradeoff.

The bundle itself is not a resource but a wrapper for resources. Any resource or group contained in a bundle retains its established policies and configurations. Adding an item to a bundle will not change its admin, owner, approval policies, or visibility settings.

This decouples resource curation from actual authorization — "you may need this and wish to request it" is very different from "you may need this so we'll give it to you." Our goal is to enable least-privilege without sacrificing productivity.

Admin flow: curate

You'll need to be an Opal admin to create a bundle.

Create a bundle

Navigate to Catalog and select the Bundles tab:

Click on the + Bundle button:

Name your bundle and add an optional description:

Set an admin

Select an Opal Owner to own adding and removing items from the bundle.

The admin does not gain permission to directly add users to any resources and groups contained in the bundle.

Add resources and groups

Once the bundle is created, use the Resources and Groups tabs to add items to the bundle.

User flow: request

Navigate to Catalog and select the Bundles tab. Click on the appropriate bundle.

Bulk select

Select the resources you need Opal to bulk request.

Bulk request

Deselect any resources you don't need and submit your bulk request:

The sent request will detail the status of each item's reviewers and their responses.