Skip to main content
Query Studio is an interactive tool for admins to query entities (users, resources, and groups) across your organization. Use it to understand who has access to what, audit access patterns across connections and entity types, and export results. Use Query Studio to:
  • Find all users with access to a specific resource or group
  • Find entities that users or groups have access to
  • Audit access patterns across connections and entity types
  • Save and share queries with other admins
  • Export query results for reporting

Requirements

You must be an Opal Admin to access and run queries in Query Studio. Saved queries can be marked public, making them visible and runnable by all admins in your organization.

Build a query

Using natural language

Type a plain-English description of the access you want to investigate and Query Studio will convert it to a structured query automatically. Examples:
  • “Users with access to AWS IAM roles”
  • “Who can access the Finance group?”
Natural language queries are powered by AI and can be enabled/disabled in Configuration > Organization Settings > AI Features.

Using the visual query builder

Build a query by combining filters:
  • Entity — Filter by a specific entity (user, resource, or group)
  • Entity Type — Filter by entity type: Users, Resources (e.g., AWS IAM Role, S3 Bucket), or Groups
  • Entity Name — Match entities by name using EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH
  • App — Filters to entities imported from a specific App in your Opal system (e.g., AWS Identity Center)
  • Tag — Filter by key-value tags applied to entities
  • Access Level Remote ID - Filter by access level remote id
  • Access relationships:
    • Accessed by — “who has access to this entity?”
    • Has access to — “what does this entity have access to?”
Combine multiple filters using All of / Any of boolean logic to narrow or broaden your results.

Run a query

Click Run or press Cmd+Enter (macOS) / Ctrl+Enter (Windows/Linux) to execute the query. Results appear in a table with clickable entity names. Scroll down to load more results.

Save and manage queries

Saving a query

Click Save to save your query filters. The query title and description are saved automatically as you type — or let the AI suggest a title. Queries are private by default, meaning only you can see them. Toggle visibility in the more options menu in the query view:
  • Private — visible only to you
  • Public — visible and runnable by all admins in your organization
The sidebar organizes your saved queries into two tabs — Private and Public:
  • Private — your own queries
  • Public — queries shared across your organization
Search by name, and sort by last updated or alphabetically. Each query shows its last-updated timestamp and creator.

Export

Export downloads the query definition as a ZIP file containing results and metadata JSON.
Export jobs have a 60-second timeout. Queries returning a large number of results may not complete within this limit. If an export times out, try narrowing your query filters before exporting.

Duplicate a query

Use Save as New Query to create a variation of an existing query without modifying the original.

Limitations

Query Studio currently supports node-based searches only — queries return entities (users, resources, groups) that match your filters at the present moment. The following are not yet supported:
  • Time-based filters (e.g., “users who logged in within the last 30 days”)
  • Negative filters (e.g., “users who do NOT have access to X”)
  • Filtering by user attributes such as department or manager
Last modified on February 26, 2026