From Engineer to CISO

One platform. Every role. Access that works for the people who need it — and the ones accountable for it.

The People Behind Access Governance

Opal isn't a product for one team. It reshapes how every person in an organization interacts with access — from the engineer requesting it to the CISO accountable for it.
Sarah Chen
Director of Security & Compliance
Runs every quarterly review cycle and owns the audit relationship. Her quarter is defined by whether evidence is ready when the auditor calls. Before Opal: weeks of spreadsheets. After: the audit closes before her coffee gets cold.
UAR Reimagined OpalQuery OpalScript Paladin
Marcus Lee
Engineering Manager, Platform Team
Assigned reviewer every quarter. Responsible for validating his team's access across 15+ systems while also shipping software on deadline. Before Opal: 300-row spreadsheets with zero context. After: focused on the 12 items that actually need him.
Reviewer Portal Paladin AI OpalQuery
Priya Sharma
Senior Software Engineer, Infrastructure
Needs fast, clean access to do her job. Has on-call responsibilities that require elevated permissions at unpredictable hours. Before Opal: Jira tickets, 4-hour waits, permanent over-provisioning. After: access on demand, auto-expiring, zero drift.
JIT Access ZSP Opal Home Paladin AI
David Park
Chief Information Security Officer
Accountable to the board for the entire organization's identity risk posture. Needs continuous, not quarterly, visibility. Before Opal: a black box that only opens at audit time. After: live risk posture, SoD enforcement, and a board slide that's never stale.
Paladin AI OpalQuery OpalScript ZSP
SARAH CHEN

Director of Security & Compliance

· SOC2 is in 8 weeks. She's running 5 reviews at once.
Public SaaS · SOC2 Type II + SOX
Her Challenge

Every quarter, Sarah manually exports user lists from 12 systems, builds spreadsheets, assigns reviewers by email, chases them for 3 weeks, assembles evidence, and hopes nothing slips through the cracks before the auditor calls. It takes 40–60 hours. It burns out her team. And it's entirely preventable.

How Opal Transforms Her Work
UAR REIMAGINED
Launch in minutes, not weeks. AI-generated scope from natural language, reviewers auto-assigned by role, real-time progress dashboard, and one-click nudge campaigns for anyone falling behind.
OPALQUERY
Answer "who has access to X?" instantly — without filing a ticket or calling engineering. Visual access explorer that turns a 2-day investigation into a 2-minute query. Sarah runs it live in compliance meetings.
OPALSCRIPT
Policies that enforce themselves. When an employee leaves, OpalScript automatically revokes their access across every connected system — no manual steps, no missed accounts, no audit finding.
PALADIN AI
Surface violations before auditors do — and handle 85% of reviews automatically. Paladin detects SoD conflicts, shadow access paths, and permanent grants in real time, surfacing them to Sarah first. Its confidence scoring then pre-approves low-risk review items so her team focuses only on exceptions that actually need judgment.
Sarah's Full Stack
UAR Reimagined OpalQuery OpalScript Paladin AI
In Her Own Words
"For the first time, I'm not in a panic the week before our SOC2. The audit evidence is already assembled. I actually slept."
Impact
Faster reviews: 70%
Spreadsheets: 0
Audit export: 1-click
Risk posture: Live
MARCUS LEE

Engineering Manager, Platform Team

· 300 review items. Sprint week. Zero context.
Cloud-Native SaaS · 18-person team · 15+ connected systems
His Challenge

Quarterly, Marcus gets a spreadsheet: 300 rows, three columns, no usage data, no risk signals. He has a sprint deadline in 3 days and Sarah is emailing him twice a day. So he does what every reviewer does — clicks approve on everything. The compliance check completes. Nothing meaningful was reviewed.

How Opal Transforms His Work
PALADIN AI
85% handled before he opens the queue. Paladin auto-approves items it's confident about — low usage, low risk, peer-consistent access. Marcus's 300-item queue becomes 40 items that genuinely need his judgment.
REVIEWER PORTAL
Context that makes decisions meaningful. Every item shows last-used date, frequency, peer comparison ("3 of 5 engineers with this role have this access"), and Paladin's risk signal. Marcus makes 40 real decisions, not 300 blind ones.
OPALQUERY
Pre-review intelligence. Before review season opens, Marcus runs a quick OpalQuery on his team's access footprint — spots obvious over-provisioning, flags it proactively. He shows up to the review already informed, not scrambling.
ZSP DIVIDEND
Fewer items because access doesn't accumulate. Because Priya and his team use JIT with Zero Standing Privilege, stale access doesn't pile up between reviews. His quarterly queue shrinks every cycle — not because things slip through, but because they expire.
Marcus's Full Stack
Paladin AI Reviewer Portal OpalQuery ZSP (indirect)
In His Own Words
"Opal turned my quarterly grudge task into 45 minutes of actual decision-making. And I actually feel like I did it right."
Impact
AI accuracy: 85%
Review time: 45min
Queue size (ZSP): ↓60%
Decisions made: Real
PRIYA SHARMA

Senior Software Engineer, Infrastructure

· On-call in 20 minutes. Needs prod access. Has zero.
Developer-first · On-call rotations · Multi-cloud environment
Her Challenge

Priya doesn't think about security tools — she thinks about shipping. But access is constantly in her way: Jira tickets that take hours, permanent permissions no one ever revokes, and a quarterly email from "Compliance" asking her to click something she doesn't understand. Access is friction, not enablement.

How Opal Transforms Her Work
JIT ACCESS
Access in seconds, not hours. Priya types /access prod-db 4h in Slack. Paladin evaluates role consistency, existing paths, and duration — and approves in under 30 seconds. Access expires automatically. No ticket. No wait.
ZSP
Zero Standing Privilege as a design principle. Priya never accumulates permanent access to things she doesn't actively need. No ghost permissions from 2 years ago. No "just in case" grants. Her access footprint is always minimal, always intentional — and her quarterly review queue reflects it.
OPAL HOME
Full self-service visibility. Opal Home gives Priya a dashboard of all her current access, what expires when, and any pending requests. She can request new access, extend expiring grants, or see why something was denied — without ever emailing IT.
OPALSCRIPT
Policies that work for her, invisibly. When Priya joins a new team or changes roles, OpalScript automatically provisions the access her role requires and revokes what she no longer needs. She just shows up to work. The right doors are already open.
SELF-ATTESTATION
Reviews that respect her time. When a quarterly review touches her access, Priya gets a Slack notification with a simple inline flow — justify or flag in 60 seconds. No confusing spreadsheets. No compliance email thread. Just a question and a click.
Priya's Full Stack
JIT Access ZSP Opal Home OpalScript Paladin AI
In Her Own Words
"I didn't even realize Opal was a security product at first. It just felt like a fast, normal way to get the access I need. That's the whole point, isn't it?"
Impact
Access time: <2min
Jira tickets: 0
Expiry on JIT: Auto
Self-attestation: 60s
DAVID PARK

Chief Information Security Officer

· Board meeting tomorrow. "What's our identity risk?" He doesn't know.
Enterprise · 800 employees · Multi-framework compliance
His Challenge

David is responsible for the entire organization's identity risk, but his visibility is essentially quarterly. Between audits, he has no live picture of who has access to what, no way to detect SoD violations until they're already in place, and no platform enforcing least-privilege at scale. He's reactive when he needs to be preventive.

How Opal Transforms His Work
PALADIN AI
Always-on identity risk intelligence. Paladin continuously scores every identity's access against expected behavior, role norms, and peer baselines — surfacing SoD conflicts, shadow access paths, and anomalous patterns in real time with risk scores and remediation paths. David's board slide is a live dashboard, never a stale PDF.
OPALQUERY
"Who has admin access to Snowflake right now?" Answered live in the board meeting. OpalQuery gives David an ad-hoc visual access explorer across every connected system — no engineering ticket, no waiting, no stale report.
OPALSCRIPT
SoD enforcement at request time, not audit time. OpalScript evaluates every access request against David's defined policies before it's approved. SoD violations can't happen — they're blocked inline. Violations go from "discovered in audit" to "impossible by design."
ZSP
Least privilege as a platform-wide posture. Zero Standing Privilege is David's strategic goal. With JIT access and auto-expiry across the org, the attack surface shrinks continuously — not just at review time. Blast radius of any compromise is structurally minimized.
David's Full Stack
Paladin AI OpalQuery OpalScript ZSP UAR Reimagined
In His Own Words
"For the first time I can answer 'what's our identity risk?' live in a board meeting. Not from a slide — from a live dashboard. That changes everything."
Impact
Risk posture: Live
SoD violations: 0
Paladin coverage: 24/7
↓ blast radius via ZSP

One Platform. Four Stories. One Day.

Access governance isn't a security department problem — it's a moment-by-moment experience for every person in the org. Here's what that looks like on a single Tuesday.
Morning — Access happens in real time
8:02 AM · Priya — On-call starts
Types /access prod-db 4h in Slack. Paladin checks role consistency and existing paths — approves in 28 seconds. Access expires at noon, automatically.
JIT ZSP Paladin AI
9:15 AM · David — Paladin flags an anomaly
Paladin detects a user with both AP-write and Vendor-Management access — a live SoD violation. David opens OpalQuery, traces the conflict in 90 seconds, and triggers an OpalScript policy to block future grants like it.
Paladin AI OpalQuery OpalScript
11:30 AM · Sarah — Q4 SOC2 review launches
Sarah uses UAR to describe the review in plain English. AI scopes 847 items across 6 reviewers in 3 connections, auto-assigns by role. The review is live before her 11:45 meeting.
UAR Reimagined Paladin AI
Afternoon — Reviews happen with context
2:00 PM · Marcus — Opens review queue
300 items in scope. Paladin has pre-approved 261 of them. Marcus sees 39 items that need judgment — each showing last-used date, risk signal, and peer comparison. Done in 50 minutes. Meaningful decisions, not rubber stamps.
Reviewer Portal Paladin AI ZSP
3:30 PM · Priya — Self-attestation arrives
Gets a Slack notification: "Does your Snowflake read access still reflect your current work?" She confirms in one tap. The review logs her response with a timestamp. Done in 40 seconds. She didn't even context-switch.
UAR Self-Attestation
5:00 PM · David — Board prep
Opens Paladin dashboard. Risk posture: clean. Zero open SoD violations. 0 permanent grants outside policy. Q4 review 60% complete, on track. He screenshots the live dashboard for the board deck. No spreadsheet. No scramble.
Paladin AI OpalQuery OpalScript

Built for Every Person in the Org

Opal doesn't ask people to change how they work. It meets them exactly where they are — and makes access governance invisible to the people who shouldn't have to think about it.
70% Faster for Sarah
85% AI accuracy for Marcus
<2min Access for Priya
24/7 Risk view for David