Documentation

Custom Remediation

Suggest Edits

Security teams often have custom priorities as they order systems and groups to reach least privilege. Using custom remediation, you can define strategies to clean up access to sensitive resources, using flexible filters and bulk access updates. This builds on the least privilege cleanup suggestions Opal already provides.

Requirements

To use custom remediation, you must:

  • Be an Opal Admin
  • Be on version 1.0.893, if you self-host Opal

Filter groups and resources to remediate

Go to the Risk Center, then select the Custom Remediation button to the right of Top Suggested Remediations.

On the Custom Remediations page, you can filter by entity to enable the multi-selection of groups or resources, by entity type to display specific group or resource types. You can also filter by principal and principal type, which indicate the users or groups with access.

After you apply filters, the results populate with information about the relationship between the Principal—the user or group with access to the entity—and the entity it can access. From this table, you can apply additional filters for the principal name, type of principal, and what risks Opal has identified for the access grant.

The table also shows:

  • When the entity was last used
  • The level of privileges
  • When the grant expires
  • Any additional access paths between this principal and entity
  • Whether the access grant has risk associated with it—unused, permanent, or outside access

This information can be used to decide whether to remediate the access grant.

Remediate from groups and resources

You can alternatively use the Inventory to select a group or resource to manage access, and select Remediate Resource or Remediate Selection. You'll be redirected to the Custom Remediation page with filters already applied.

Apply remediation actions

If the access needs to be cleaned up, the access can be revoked altogether or converted to a time-bound grant that automatically expires at a later date.

After the action is taken, the Action column of the affected principals changes to reflect the updates.

From here, you can continue your journey to reaching least privilege by setting new filters or go back to the Risk Center to remediate Opal suggestions.

Updated about 6 hours ago