Requesting Access

Learn how to request access to Opal resources.

To request access to resources, use the Catalog in your Opal dashboard, or your connected productivity integration, such as Slack.

Request access in the Opal UI

End users request access through the Catalog or using the Request Access button. You can also find apps from the Search page.

After selecting an app, you can choose Resources that you want to request. Resources are specific permissions within applications. Example resources include:

  • Salesforce: Roles, profiles, and permission sets
  • GitHub: Repositories, Teams
  • Amazon Web Services: IAM Roles, databases (RDS), and compute (EC2)

To make a request, open the resource and select Request in the Actions column, or select Request Access in the sidebar.

Enter the following fields:

  • Reason: By default, this is a required field. Admins can hide this field using the request configuration settings.
  • Expires in: Specify how long you need access. Use the default values, or request a custom range by selecting Custom.
  • Expire access when ticket is closed: If you don't know how long you'll need access, you can bind the access request to a support ticket that is assigned to you. Once the ticket is completed, your access will be automatically revoked.

You may request access on behalf of another user. For security reasons, this functionality is limited to the following groups.

  • Opal Admins can request access on behalf of all users for all resources.
  • Resource and group admins can request access on behalf of others for those resources and groups where they are an admin.
  • Managers can request access on behalf of their reports for those resources to which the manager has access.

Request access with productivity integrations

In Slack, if you type in /Opal or /access, you can browse an app catalog.

You can then select the Resource by browsing the Items to Request.

Once you have made your selection, you can add the expiration and reason.


What happens after my access request?


Once approved, you will be notified in Slack as well.

If you want to learn more about your request, you can click on the Access request pending button in Slack, or go to the Requests page in the Opal dashboard.

From here you can:

  • See the status of your request
  • See who the reviewers are
  • Send reminders to your reviewers
  • Cancel your request
  • Escalate approval of your request to your skip manager by clicking "Escalate to Skip Manager"


How can I escalate my request?

If your approver is your manager, you can escalate your request to your skip manager by clicking "Escalate to Skip Manager", which notifies your skip manager to approve your request. This is especially useful if your manager is unavailable and your request is urgent.


How can I approve access requests?

If you are a reviewer, you will be notified via Slack and email. In Slack, approvers can approve or reject access requests. Approval automatically provisions access.

In addition, requestors and requestees can also leave comments in Slack. Replies in the thread via Slack will show as comments in Opal. These comments will bi-directionally sync with Opal's web app.

What happens if my access expires?

If you have been granted short-lived access to a resource and the time limit has expired, then Opal will automatically revoke your access.

If your request is for longer than 24 hours, then Opal will send out a notification 1 day and 1 hour before your access expires to remind you to extend access. You will only receive a reminder notification if your access originated from a request. You will not get a notification if you were manually added to the resource or group by an admin.

When your access expires after the requested duration, Opal sends you a Slack notification with a link to easily re-request.