databricks-enterprise-rbac
Configure Databricks enterprise SSO, Unity Catalog RBAC, and organization management. Use when implementing SSO integration, configuring role-based permissions, or setting up organization-level controls with Unity Catalog. Trigger with phrases like "databricks SSO", "databricks RBAC", "databricks enterprise", "unity catalog permissions", "databricks SCIM".
84
82%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Risky
Do not use without reviewing
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its scope around Databricks enterprise administration features. It excels in all dimensions by listing concrete capabilities, providing explicit 'Use when' and 'Trigger with' clauses, and using highly specific domain terminology that minimizes conflict risk. The description uses proper third-person voice and is concise without unnecessary padding.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'Configure Databricks enterprise SSO', 'Unity Catalog RBAC', and 'organization management'. These are distinct, concrete capabilities rather than vague abstractions. | 3 / 3 |
Completeness | Clearly answers both 'what' (configure SSO, Unity Catalog RBAC, organization management) and 'when' (explicit 'Use when' clause covering SSO integration, role-based permissions, organization-level controls, plus a 'Trigger with phrases' section). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms including 'databricks SSO', 'databricks RBAC', 'databricks enterprise', 'unity catalog permissions', 'databricks SCIM', plus contextual phrases like 'SSO integration', 'role-based permissions', and 'organization-level controls'. These are terms users would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a clear niche: Databricks-specific enterprise SSO, Unity Catalog RBAC, and SCIM. The combination of Databricks + SSO + Unity Catalog + RBAC creates a very specific domain unlikely to conflict with other skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a comprehensive, highly actionable skill with excellent executable code examples covering the full Databricks enterprise RBAC lifecycle. Its main weaknesses are the lack of validation checkpoints between steps (e.g., verifying SCIM sync before granting privileges) and the monolithic structure that could benefit from splitting detailed code into supporting files. The content is slightly verbose but generally well-organized with a useful error handling table and permission matrix.
Suggestions
Integrate validation steps into the workflow — e.g., after Step 1 add 'Verify groups synced: `databricks account groups list | grep data-engineers`' and after Step 2 add 'Verify grants: `SHOW GRANTS ON CATALOG analytics`' before proceeding.
Consider splitting detailed code (cluster policies, row-level security, audit queries) into separate bundle files referenced from the main SKILL.md to improve progressive disclosure and reduce token load.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is mostly efficient with concrete code examples, but it's quite long (~200 lines of code) and includes some unnecessary commentary (e.g., 'Privilege model: CATALOG > SCHEMA > TABLE/VIEW/FUNCTION' is something Claude knows). The overview paragraph explaining Unity Catalog's three-level namespace is borderline redundant. Some code blocks could be trimmed. | 2 / 3 |
Actionability | Excellent actionability with fully executable CLI commands, Python SDK code, and SQL statements throughout. Every step includes copy-paste ready code with realistic examples covering group creation, privilege grants, cluster policies, row-level security, service principals, and audit queries. | 3 / 3 |
Workflow Clarity | Steps are clearly sequenced (1-7) and logically ordered from group provisioning through audit. However, there are no explicit validation checkpoints between steps — for example, no verification that SCIM sync succeeded before granting privileges, or that grants were applied correctly before proceeding. The 'Verify Current Permissions' section is in Examples rather than integrated as a validation step in the workflow. | 2 / 3 |
Progressive Disclosure | The content is well-structured with clear sections and a helpful permission matrix reference, but it's a monolithic document with ~200+ lines of inline code that could benefit from splitting (e.g., cluster policies, row-level security, and audit queries could be separate reference files). External links to Databricks docs are provided but no bundle files exist to offload detailed content. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3a2d27d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.