Making access requests
Making requests via Web
By navigating to the Catalog on the web, you can browse the Apps Catalog:
After selecting an App, you can choose Resources that you want to request. Resources are specific permissions within applications. Here are some examples of resources:
- Salesforce: Roles, profiles, and permission sets
- GitHub: Repositories, Teams
- Amazon Web Services: IAM Roles, databases (RDS), and compute (EC2)
To make a request, open the resource and click on the Request button.
You will have the following options:
- Reason: This is a mandatory field by default - please denote the reason for the access request. This field can be hidden in the resource's request configuration by admins if desired.
- Expires in: Please specify for how long you need access. Although there are default values, you can request for a custom range by clicking on "Custom"
- Expire access when ticket is closed: If you don't know how long you'll need access, you can bind the access request to a support ticket that is assigned to you. Once the ticket is completed, then your access will be automatically revoked.
You may request access on behalf of another user. For security reasons, this functionality is limited as follows:
- Opal Admins can request access on behalf of all users for all resources
- Resource and group admins can request access on behalf of others for those resources and groups where they are an admin
- Managers can request access on behalf of their reports for those resources to which the manager has access
Making requests via Slack
In Slack, if you type in /Opal or /access, you will be able to browse an app catalog
Afterwards, you can select the Resource by browsing the Items to Request.
Once you have made your selection, you can add the expiration and reason.
Updated 3 months ago