Access Reviews

Opal can be used to automate user access reviews. The platform lets compliance teams:

  1. Snapshot user access at the time the review is started
  2. Intelligently assign reviews to resource owners, who complete them in a self-service way
  3. Scope reviews by resource and group attributes
  4. Generate a report to summarize all actions for audit purposes

Starting a User Access Review

Assuming the Opal Auditor role

To start a user review, you must have the Opal Auditor role.

In the Apps tab, select Opal. Here you'll find the Opal Auditor role. 

Note: If you're an Opal Admin, you can add yourself directly to the resource by navigating to the Users tab and clicking on the pencil icon.

If you are not, you can request access to the role.

Configurations for User Access Reviews

Start an access review from the + button in the Ongoing column.

General info

  1. Name of User Access Review: Customize the name of the review

  2. Access review deadline: Set the deadline that reviewers have to complete the review by

  3. Timezone: Set the timezone that will be used across reviews

Scope

  1. Filter by user: Include only resources and groups that certain users have access to in the review. The user filter is applied first before any other filters are applied to entities.

  2. Filter by specific entities: Select specific resources, groups, and apps to include in the review

  3. Filter by apps: Specify resources and groups to include from certain apps

  4. Filter by admin: Include resources and groups owned by the specified admins

  5. Filter by resource and group type: Include resources and groups of certain types

  6. Filter by tags: Include resources and groups with certain tags

  7. Filter by name: Include resources and groups that match a provided substring

Notifications

  1. New review notifications: Notify users on Slack and Email if they are selected as a reviewer

  2. Reminder notifications: Preset campaign reminders to reviewers with incomplete reviews

Reviewer assignment rules

  1. Reviewer auto-assignment: Automatically set the reviewers to be the admins of owning teams or managers, or manually assign reviewers.

  2. Self-review warning: Have Opal show warnings for self-reviews