evernote-enterprise-rbac
Implement enterprise RBAC for Evernote integrations. Use when building multi-tenant systems, implementing role-based access, or handling business accounts. Trigger with phrases like "evernote enterprise", "evernote rbac", "evernote business", "evernote permissions".
77
73%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/saas-packs/evernote-pack/skills/evernote-enterprise-rbac/SKILL.mdEvernote Enterprise RBAC
Overview
Implement role-based access control for Evernote integrations, including Evernote Business account handling, shared notebook permissions, multi-tenant architecture, and authorization middleware.
Prerequisites
- Understanding of Evernote Business accounts and shared notebooks
- Multi-tenant application architecture
- Authentication/authorization infrastructure
Instructions
Step 1: Evernote Permission Model
Evernote has built-in sharing permissions for notebooks: READ_NOTEBOOK, MODIFY_NOTEBOOK_PLUS_ACTIVITY, READ_NOTEBOOK_PLUS_ACTIVITY, GROUP, FULL_ACCESS. Map these to your application's role system.
const EvernotePermissions = {
READ: 'READ_NOTEBOOK',
WRITE: 'MODIFY_NOTEBOOK_PLUS_ACTIVITY',
FULL: 'FULL_ACCESS'
};
const AppRoles = {
viewer: [EvernotePermissions.READ],
editor: [EvernotePermissions.READ, EvernotePermissions.WRITE],
admin: [EvernotePermissions.FULL]
};Step 2: RBAC Service
Build a service that checks whether a user has the required permission for an operation. Query shared notebook privileges via noteStore.listSharedNotebooks() and getSharedNotebookByAuth().
class RBACService {
async canAccess(userToken, notebookGuid, requiredPermission) {
const noteStore = this.getAuthenticatedNoteStore(userToken);
const sharedNotebooks = await noteStore.listSharedNotebooks();
const shared = sharedNotebooks.find(sn => sn.notebookGuid === notebookGuid);
if (!shared) return false;
return this.hasPermission(shared.privilege, requiredPermission);
}
}Step 3: Authorization Middleware
Create Express middleware that validates the user's Evernote token and checks permissions before allowing access to protected routes.
Step 4: Evernote Business Integration
For Evernote Business accounts, use authenticateToBusiness() to get a business token. Business notebooks are shared across the organization. Use getBusinessNotebooks() to list them.
Step 5: Multi-Tenant Support
Isolate tenant data by scoping all Evernote operations to the tenant's access token. Never mix tokens between tenants. Store tenant-to-token mappings with encryption at rest.
For the full RBAC service, middleware, Business account integration, and multi-tenant architecture, see Implementation Guide.
Output
- Evernote permission model mapped to application roles
RBACServiceclass with permission checking- Express authorization middleware for protected routes
- Evernote Business account integration
- Multi-tenant token isolation and scoping
Error Handling
| Error | Cause | Solution |
|---|---|---|
PERMISSION_DENIED | User lacks required notebook permission | Verify shared notebook privileges |
INVALID_AUTH | Business token expired | Re-authenticate with authenticateToBusiness() |
| Tenant data leak | Token scoping error | Validate tenant ID on every request |
LIMIT_REACHED on sharing | Too many shared notebooks | Clean up unused shares (500 max per notebook) |
Resources
Next Steps
For migration strategies, see evernote-migration-deep-dive.
Examples
Team workspace: Create a shared notebook for each team. Assign editor role to team members and viewer role to stakeholders. Use middleware to enforce permissions on all note operations.
Business account sync: Authenticate to the business account, list all business notebooks, and sync shared notes to a central dashboard accessible by all organization members.
- Commit
70e9fa4
- Last updated
- Created
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.