Special Roles in Opal
The following roles in Opal are treated as resources -- a user's access to a role may be time-bounded, indefinite, etc. These roles are not scoped by resource but apply across the Opal platform, while Group/Resource Admins' capabilities are limited to the group or resource.
In Opal, we have the following special roles:
- Admin: Super-admins who can add integrations to Opal, see and modify all settings, and manage all configurations for resources and groups
- Auditor: Users who can start and stop user access reviews. In addition, they can assign any reviewer to review.
- Read-only Admin: These users can see everything a super-admin can see, but otherwise have normal user privileges.
- User Impersonation: Access to this resource lets you "impersonate" another Opal user, entering read-only mode to see what they see.
Additionally, we also have the following roles that can be assigned in the product:
- Group/Resource Admins: These users have admin capabilities for the resources and groups that they own.
Capabilities of Roles
Global Permissions
Group/Resource Permissions
User Access Reviews
User Impersonation
Access requests for this resource require a specified user to impersonate, or Access Level:
Pre-requisite: An admin under must first Enable user impersonation capabilities by first going to Configurations in the Admin Panel and Settings then Advanced.
Updated 4 months ago