Overview
OpalScript is Opal’s scripting language for automating access management workflows integrated deeply with Opal’s access management platform. Built on Starlark (a Python-like language), OpalScript enables you to write custom automation logic and scripts that evaluate conditions, query the access graph and take actions programmatically.Use Cases
OpalScript currently supports automated request review, with additional automation types planned for the future:| Script Type | Status | Description |
|---|---|---|
| Request Review | Available | Automatically approve, deny, or comment on access requests |
| Additional types | Coming Soon | More automation capabilities will be added |
How OpalScript Works
Each OpalScript type has access to:- Utility modules: Common functions available to all script types (e.g.,
accesslibfor access queries,notificationslibfor sending notifications) - Context module: Script-type-specific data about what triggered the script
- Actions module: Script-type-specific operations the script can perform
Create your first workflow
- In Opal, navigate to Configuration > Service Users and create a new service user. This service user will be the identity that runs your OpalScript automations.
-
Open the service user and select Add automation. Configure the automation:
- When: Choose Assigned to request to trigger the script whenever a request is assigned to this service user for review.
- Then: Choose Run OpalScript.
-
Enter your OpalScript in the editor. For example, to auto-approve all requests:
See Request Review: Get started for the full
contextandactionsAPI reference, and examples for ready-to-use scripts. - Add the service user as a reviewer on any resource or group. When a request is submitted, the automation will run your script automatically.