granola-enterprise-rbac
Configure enterprise role-based access control for Granola workspaces. Use when defining user roles, setting sharing permissions, configuring SSO group mappings, or implementing least-privilege access for meeting data. Trigger: "granola roles", "granola permissions", "granola access control", "granola RBAC", "granola admin roles".
78
75%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/saas-packs/granola-pack/skills/granola-enterprise-rbac/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It clearly specifies the domain (Granola enterprise RBAC), lists concrete actions, provides explicit 'Use when' guidance, and includes dedicated trigger terms that are both natural and distinctive. The description is concise yet comprehensive.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: defining user roles, setting sharing permissions, configuring SSO group mappings, and implementing least-privilege access for meeting data. These are clear, actionable capabilities. | 3 / 3 |
Completeness | Clearly answers both 'what' (configure enterprise RBAC for Granola workspaces) and 'when' (explicit 'Use when' clause with four specific scenarios, plus a dedicated Trigger section with exact phrases). | 3 / 3 |
Trigger Term Quality | Includes explicit trigger terms that users would naturally say: 'granola roles', 'granola permissions', 'granola access control', 'granola RBAC', 'granola admin roles'. Also includes natural phrases like 'sharing permissions', 'SSO group mappings', and 'least-privilege access'. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive due to the specific product name 'Granola' combined with the RBAC/access control domain. The trigger terms are all prefixed with 'granola', making conflicts with generic access control or other product skills very unlikely. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
50%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a comprehensive guide to Granola enterprise RBAC configuration with good structural organization across 7 steps, useful tables, and practical examples. Its main weaknesses are the lack of validation checkpoints after critical configuration steps, the monolithic structure that could benefit from progressive disclosure, and the reliance on UI navigation paths rather than executable commands or API calls. The content is informative but could be more concise and more actionable.
Suggestions
Add explicit validation steps after key configurations — e.g., 'After mapping SSO groups, test by logging in as a user from each group and verifying they land in the correct workspace with the correct role.'
Split the permission matrix, audit log event table, and quarterly review checklist into separate reference files linked from the main skill to improve progressive disclosure and reduce the monolithic feel.
Where possible, provide API calls or CLI commands (e.g., SCIM API endpoints for provisioning, audit log export commands) instead of UI navigation paths to increase actionability.
Add a feedback loop for the offboarding process — e.g., 'Verify the user can no longer access Granola by checking the audit log for failed login attempts or confirming account status via SCIM API.'
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is reasonably well-structured but includes some unnecessary verbosity. The permission matrix, while useful, is extensive, and some sections like the role hierarchy explanation and multi-workspace examples add bulk. The examples with specific people names (Sarah Chen, Mike Johnson) are helpful but could be trimmed. Overall mostly efficient with some room for tightening. | 2 / 3 |
Actionability | The skill provides navigation paths (e.g., 'Organization Settings > Security > SSO > Group Mapping') and configuration examples, but these are UI navigation instructions rather than executable code/commands. The sharing policy configurations use pseudo-settings notation rather than actual API calls or CLI commands. The quarterly checklist is actionable but manual. No executable automation is provided. | 2 / 3 |
Workflow Clarity | The 7-step sequence is clearly laid out and logically ordered, and the user lifecycle section has good sub-steps. However, there are no explicit validation checkpoints — after configuring SSO group mappings, there's no 'verify the mapping works by testing with a user' step. After setting sharing policies, there's no verification step. For an enterprise RBAC configuration involving potentially destructive access changes, the lack of validation/feedback loops caps this at 2. | 2 / 3 |
Progressive Disclosure | The content is a single monolithic file with all details inline. The permission matrix, SSO mapping table, audit logging details, and error handling could be split into referenced files. The Resources section links to external docs, and there's a Next Steps reference, but the main content itself is quite long and would benefit from splitting detailed tables and checklists into separate reference files. | 2 / 3 |
Total | 8 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
70e9fa4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.