Skip to main content
Utility modules provide common functionality available to all OpalScript types. These modules help you query Opal’s data and make informed decisions.

Query Opal’s access graph

accesslib Module

The accesslib module provides functions to query Opal’s access graph. Use it to check existing permissions when making automation decisions. accesslib.check_access(principal_id, entity_id, [access_level_remote_id]) checks whether a principal (user or group) currently has access to an entity (resource or group).
Parameters
principal_id
string (UUID)
required
The ID of the user or group to check
entity_id
string (UUID)
required
The ID of the resource or group to check access to
access_level_remote_id
string (UUID)
Filter by specific access level (e.g., "admin", "viewer")
Returns
True if access exists, False otherwise
Examples 
# Check if user has any access to a resource
has_access = accesslib.check_access(
    "550e8400-e29b-41d4-a716-446655440000",  # user ID
    "660e8400-e29b-41d4-a716-446655440001"   # resource ID
)

if has_access:
    print("User already has access")

# Check if user has a specific access level
is_admin = accesslib.check_access(
    user_id,
    resource_id,
    "admin"
)

if is_admin:
    print("User is an admin")

# Check group membership
in_engineering = accesslib.check_access(
    user_id,
    engineering_group_id
)

Send notifications

notificationslib Module

The notificationslib module provides functions to send notifications to users, admins, and owners from within a script.

Notify a user

notificationslib.notify_user(user_id, title, body) sends a notification to a specific user via email and Slack (if configured).
Parameters
user_id
string (UUID)
required
The ID of the user to notify
title
string
required
Notification title
body
string
required
Notification body
Returns
True if the notification was sent successfully, False otherwise
Example 
request = context.get_request()
notificationslib.notify_user(
    request.requester_id,
    "Access request flagged",
    "Your request has been flagged for manual review."
)

Notify all admins

notificationslib.notify_admins(title, body) sends a notification to all Opal admins.
Parameters
title
string
required
Notification title
body
string
required
Notification body
Returns
True if the notification was sent successfully, False otherwise
Example 
notificationslib.notify_admins(
    "Unusual access request",
    "A request for admin access was auto-denied due to an anomalous pattern."
)

Notify an owner

notificationslib.notify_owner(owner_id, title, body) sends a notification to an owner. If the owner has a Slack message channel configured, the notification is sent to that channel only. Otherwise it is sent to all individual users in the owner.
Parameters
owner_id
string (UUID)
required
The ID of the owner to notify
title
string
required
Notification title
body
string
required
Notification body
Returns
True if the notification was sent successfully, False otherwise
Example 
notificationslib.notify_owner(
    "770e8400-e29b-41d4-a716-446655440002",
    "Request requires review",
    "A high-privilege access request has been submitted and needs manual approval."
)