| access | check_access(principal, entity, [level]) | Check whether a principal has access to an entity |
| notifications | notify_user(user_id, title, body) | Notify a specific user via email and Slack (if configured) |
| notifications | notify_admins(title, body) | Notify all Opal admins |
| notifications | notify_owner(owner_id, title, body) | Notify an owner via Slack channel (if configured) or all owner members |
| requests | by_user(user_id, [status], [cursor], [per_page]) | Get requests a user submitted or was the target of (paginated) |
| requests | by_resource(resource_id, [user_id], [status], [cursor], [per_page]) | Get historical requests for a resource (paginated) |
| requests | by_group(group_id, [user_id], [status], [cursor], [per_page]) | Get historical requests for a group (paginated) |
| risk | resource_sensitivity(resource_id) | Get the risk sensitivity level of a resource |
| risk | group_sensitivity(group_id) | Get the risk sensitivity level of a group |
| time | now() | Get the current Unix timestamp |
| time | from_unix(timestamp) | Convert a Unix timestamp to an RFC3339 string |
| time | is_before(timestamp1, timestamp2) | Check if the first timestamp is before the second |
| time | is_after(timestamp1, timestamp2) | Check if the first timestamp is after the second |
| time | seconds_since(timestamp1, timestamp2) | Get the number of seconds between two timestamps |
| time | minutes(n) / hours(n) / days(n) | Convert time intervals to seconds |
| entity | get_user(user_id) | Look up a user by ID |
| entity | get_group(group_id) | Look up a group by ID |
| entity | get_resource(resource_id) | Look up a resource by ID |
| tickets | providers.<PROVIDER> | Access an installed ticket provider (e.g. tickets.providers.JIRA) |
| tickets | list_projects(provider) | List projects on a provider; returns a dict keyed by project key |
| tickets | create_ticket(project, title, description) | Create a ticket on the provider; returns a ticket object |
| tickets | get_ticket(provider, remote_ticket_id) | Fetch an existing ticket by its remote identifier |
| tickets | comment_ticket(provider, remote_ticket_id, comment) | Add a comment to an existing ticket |
| tickets | close_ticket(provider, remote_ticket_id, [comment]) | Close a ticket, with an optional closing comment |