Documentation

Making access requests

Suggest Edits

To request access to resources, use the Catalog in your Opal dashboard, or your connected productivity integration, such as Slack.

Request access in the Opal dashboard

📘

Unified admin and end user catalog

Admins and end users both request access using the app Catalog. The previous admin app Catalog used for managing apps is now the Inventory.

All users, including admins, request access through the Catalog or using the Request Access button.

In the Catalog, you can browse available apps to request. You can also find apps from the Search page.

After selecting an App, you can choose Resources that you want to request. Resources are specific permissions within applications. Here are some examples of resources:

  • Salesforce: Roles, profiles, and permission sets
  • GitHub: Repositories, Teams
  • Amazon Web Services: IAM Roles, databases (RDS), and compute (EC2)

To make a request, open the resource and select Request in the Actions column, or select Request Access in the sidebar.

You will have the following options:

  • Reason: This is a mandatory field by default - please denote the reason for the access request. This field can be hidden in the resource's request configuration by admins if desired.
  • Expires in: Please specify for how long you need access. Although there are default values, you can request for a custom range by clicking on "Custom"
  • Expire access when ticket is closed: If you don't know how long you'll need access, you can bind the access request to a support ticket that is assigned to you. Once the ticket is completed, then your access will be automatically revoked.

You may request access on behalf of another user. For security reasons, this functionality is limited as follows:

  • Opal Admins can request access on behalf of all users for all resources
  • Resource and group admins can request access on behalf of others for those resources and groups where they are an admin
  • Managers can request access on behalf of their reports for those resources to which the manager has access

Request access with productivity integrations

In Slack, if you type in /Opal or /access, you will be able to browse an app catalog

Afterwards, you can select the Resource by browsing the Items to Request.

Once you have made your selection, you can add the expiration and reason.

Updated about 1 month ago