Documentation

Special Roles in Opal

Suggest Edits

The following roles in Opal are treated as resources -- a user's access to a role may be time-bounded, indefinite, etc. These roles are not scoped by resource but apply across the Opal platform, while Group/Resource Admins' capabilities are limited to the group or resource.

In Opal, we have the following special roles:

  • Admin: Super-admins who can add integrations to Opal, see and modify all settings, and manage all configurations for resources and groups
  • Auditor: Users who can start and stop user access reviews. In addition, they can assign any reviewer to review.
  • Read-only Admin: These users can see everything a super-admin can see, but otherwise have normal user privileges.
  • User Impersonation: Access to this resource lets you "impersonate" another Opal user, entering read-only mode to see what they see.

Additionally, we also have the following roles that can be assigned in the product:

  • Group/Resource Admins: These users have admin capabilities for the resources and groups that they own.

Capabilities of Roles

Global Permissions

Group/Resource Permissions

User Access Reviews

User Impersonation

Access requests for this resource require a specified user to impersonate, or Access Level:

Pre-requisite: An admin under must first Enable user impersonation capabilities by first going to Configurations in the Admin Panel and Settings then Advanced.

Updated 6 months ago