Dec 8, 2021

Announcing Resource and Group Policies

With our new policies tab, you can set powerful rules for your resources without code.

Joyce Ling

Our recent feature launch gives you the ability to set easy no-code policies on a resource and group-level, with all of it organized neatly in its own tab.

You can define these policies per resource or group so you and your team can get as granular as needed.

Let's highlight some of the cool things you can do in this tab.

A Single Source of Truth

Before, you could assign either Opal or another connected service as the single source of truth.

Now, we're getting more specific. You can now designate specific resources or groups as the source of truth that populates connected services. Simply, if a resource is set as the source of truth, it can update the data in a connected service. Otherwise, the resource will be read-only, presenting the data from a connected service in Opal's friendly interface.

Access Requests With Built-In Safeguards

You can set a maximum duration of access for specific resources or groups, which is exactly what it sounds like: Instead of having users slipping through the cracks with indefinite access, Opal limits the max duration of requests.

You can also require manager approval or bind a support ticket to access requests, which adds a layer of automated security when giving access to sensitive resources.

Intelligent Approval Workflow

One of the important features Opal brings is the ability to designate an owning team. Instead of scrambling to figure out who has final say, Opal makes the owning team clear.

With the latest launch, we've now added the ability to require approvals from multiple admins. This makes it easy to get more eyes on sensitive resources while keeping everyone in the loop.

We're also giving admins the ability to designate auto-approvals for resources that are less sensitive or part of standard procedure.

For example, it might make sense to auto-approve access requests to Slack when new employees join your organization. Otherwise, it can get pretty overwhelming for approvers and sensitive requests getting lost in the noise.

Linked Slack Channels

Last but not least, we bring you linked Slack channels!

For those especially sensitive resources, you can designate a Slack channel to send updates when someone makes a request, gets access, etc. Not only does this allow you to have a history of actions you can pull up in any team meeting easily, it also gives you real-time insight into how a resource is being used.

Setting a linked Slack channel is easy:

Once linked, Opal will ping the designated channel with updates to that resource. In this example, we assign access to a user and see the message come across in Slack.

Questions? Comments? Shoot us an email at or visit our website at

Joyce Ling

Updates + insights about the future of access management