Changelog

Version 1.990.0

by Sravan
  • Deprecated RESOURCES_ADDED_TO_GROUPS, GROUP_RESOURCES_UPDATED, and RESOURCES_REMOVED_FROM_GROUPS events and migrated them to ROLE_ASSIGNMENT_CREATED, ROLE_ASSIGNMENTS_UPDATED, and ROLE_ASSIGNMENTS_DELETED, respectively
  • Added search query to URL for user group, user resources, resource groups, resource roles, and group users tables
  • Updated styling of request duration dropdown
  • Updated styling of the group access tab of a group
  • Fixed access review metrics to correctly count only users specified in filters when generating reports for User Access Reviews.
  • Added an access level column to a user resource and user group tables
  • Updated terminology for inventory apps + bundles to contain "assets" (resources and groups)
  • Added requested by for all requests requested by someone else
  • Added opal_org_name name field to event streaming payload.
  • Added the ability to filter resources by ancestor in the GetResources API. This allows users to retrieve all resources that are descendants of a specified resource, making it easier to navigate hierarchical resource structures.
  • Fixed links from slack, emails, and google chat directing to broken pages
  • Fixed a bug where “Create Access Review Date” input could have the wrong dates
  • Fixed a bug where when adding resources to a group, an apps resources list would not expand.
  • Fixed a bug causing usage data to show as "Not Available" incorrectly for certain groups.
  • Fixed a bug where users resources page wasn't paginated
  • Fixed a bug where propagation tickets may not have displayed correctly

  • Fixed a bug where loading approved requests with a propagation ticket may have failed

Version 1.989.0

by Andri
  • Added a warning when setting a custom global max resource and group duration if it exceeds a year
  • Fixed broken labels on break glass modal

Version 1.988.0

by Andri
  • Performance improvements for the risk center.
  • Fixed colors for EC2 usage table in dark mode
  • Added more detail to some GCP connection creation errors.
  • Fixed a bug where the assignment of AWS Identity Center resources were not populated if one of their assignees is missing an email.

Version 1.987.0

by Andri
  • Fixed a bug causing access rules to sometimes not be synced.
  • Added groups and apps to UAR schedules table.
  • Changed UAR paths to used nested routes instead of category search params
  • Changed UAR schedules path from /access-reviews/t/{SCHEDULE_ID}?category=schedules to /access-reviews/{SCHEDULE_ID}
  • Converted all paths for UARs to routes instead of hashes. Eg. #my-review -> /my-review
  • Improved handling of LaunchDarkly errors and fallback to degraded experience if it is down.
  • Fixed a bug where GCP projects would not be removed from Opal after being deleted in GCP.

Version 1.986.0

by Andri
  • Updated request form label from Expires In to How long do you need access?
  • Opal can now automatically revoke access from users in end systems when they are deprovisioned in IDP/HRIS systems. This can be enabled in IDP/HRIS settings.
  • Added max possible duration option when creating an API Access Token
  • Fixed missing My Access toggle in app detail view in Catalog
  • The "Connect" button for AWS Identity Center Roles now directly links to an AWS session using the role in question rather than the AWS Identity Center start page.

Version 1.985.0

by Andri
  • Improved the sorting order for the last used field in the risk center to make it easier to view usage data.
  • Visibility configuration can now be modified for Access Rules & Okta group rules.
  • Minor UI changes to Risk Center.
  • Added 'New Access Request' entry to quick search menu.
  • Mitigated an issue where Okta replication lag would result in stale data to be imported.
  • Removed feature-flagging service from the critical path such that the app functions if it goes down.

Version 1.984.0

by Andri
  • Improved API request validation to properly handle all requests with bodies. This fixes an issue creating and modifying terraform resources using apis with no request body.
  • Added the ability to update a user's access level or duration in a group via the API.
  • Fixed a bug when setting a custom duration for an Owner Escalation Policy would default to an invalid '0' option.
  • Fixed a bug where some custom connector login events were not attributed to their resource.
  • AWS, Azure and GCP apps now default to list view in the UI.

Version 1.982.0

by Anna
  • Deleted Opal v2
  • Clarified copy on unrequestable items
  • Fixed a bug in the risk center where different access levels would cause the wrong expiration to be displayed.
  • Added titles column to inventory users table
  • Added direct reports to user hovercards
  • Added ingestion of GCP service account usage events.
  • Began ingesting usage data for GCP service account resources.
  • Fix GitHub Org Role icon

Version 1.981.0

by Anna
  • Normalized default access request durations instead of interpolating
  • Updated tabs for groups to use nested routes rather than hashes
  • Fixed links to Inventory users with invalid characters
  • Fixed access counts for users in the inventory users table
  • Updated resource and app paths to use sub routes instead of hashes. Eg. #resources is now /resources
  • Updated ui for custom access request template order

Version 1.979.0

by Giulio
  • Fixed Snowflake sync bug that caused errors
  • Fixed some page load performance issues on inventory detail pages