granola-enterprise-rbac
Configure enterprise role-based access control for Granola workspaces. Use when defining user roles, setting sharing permissions, configuring SSO group mappings, or implementing least-privilege access for meeting data. Trigger: "granola roles", "granola permissions", "granola access control", "granola RBAC", "granola admin roles".
62
75%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/saas-packs/granola-pack/skills/granola-enterprise-rbac/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that clearly defines its scope (enterprise RBAC for Granola workspaces), lists specific capabilities, provides explicit 'Use when' guidance, and includes dedicated trigger terms. The description is concise, uses third-person voice, and would be easily distinguishable from other skills in a large skill library.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: defining user roles, setting sharing permissions, configuring SSO group mappings, and implementing least-privilege access for meeting data. These are clear, actionable capabilities. | 3 / 3 |
Completeness | Clearly answers both 'what' (configure enterprise RBAC for Granola workspaces) and 'when' (explicit 'Use when' clause with four specific scenarios, plus a dedicated Trigger section with exact phrases). | 3 / 3 |
Trigger Term Quality | Includes explicit trigger terms that users would naturally say: 'granola roles', 'granola permissions', 'granola access control', 'granola RBAC', 'granola admin roles'. Also includes natural phrases like 'sharing permissions', 'SSO group mappings', and 'least-privilege access'. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive due to the specific product name 'Granola' combined with the RBAC/access control domain. The trigger terms are all prefixed with 'granola', making conflicts with generic access control or other product skills very unlikely. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
50%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a comprehensive RBAC configuration guide with useful reference tables and clear step sequencing, but it suffers from being overly long and monolithic for a single SKILL.md file. The lack of validation checkpoints between steps is a notable gap for a security-critical configuration workflow. The actionability is moderate — navigation paths are specific but there are no executable commands or API calls to verify configurations.
Suggestions
Add explicit validation checkpoints after key steps, e.g., 'After Step 3, test by logging in as a user from each SSO group and verify they land in the correct workspace with the correct role.'
Split the permission matrix, sharing policy templates, and audit log details into separate referenced files to improve progressive disclosure and reduce the main file's length.
Include concrete verification commands or API calls (if Granola Enterprise API supports it) to programmatically confirm role assignments and sharing policies are correctly applied.
Remove the fictional user examples (Sarah Chen, Mike Johnson) and replace with a generic pattern description to improve conciseness.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is reasonably well-structured but includes some unnecessary verbosity. The permission matrix, role hierarchy, and sharing policy sections are useful reference material, but the overall document is quite long (~180 lines) for what is essentially a configuration guide. Some sections like the multi-workspace membership examples with fictional names add marginal value. The quarterly checklist and lifecycle sections could be tighter. | 2 / 3 |
Actionability | The skill provides specific navigation paths (e.g., 'Organization Settings > Security > SSO > Group Mapping') and structured tables, which is helpful. However, there is no executable code or API calls — everything is UI-based configuration described in prose/pseudo-config blocks. The sharing policy configurations use a pseudo-config format that isn't actually executable. For an enterprise admin configuration skill, this is adequate but not fully concrete. | 2 / 3 |
Workflow Clarity | The 7-step sequence is clearly numbered and logically ordered. However, there are no explicit validation checkpoints between steps — for instance, after mapping SSO groups (Step 3), there's no 'verify a test user gets the correct role' step. The user lifecycle section in Step 7 has good sequencing but the overall workflow lacks feedback loops for verifying that configurations were applied correctly, which is important for security-critical RBAC setup. | 2 / 3 |
Progressive Disclosure | The content is entirely monolithic — all detail is inline in a single file with no bundle files. The permission matrix, sharing policies, audit logging details, and error handling could be split into referenced files. The Resources section links to external docs, and there's a 'Next Steps' reference, but the main content is a wall of tables and configuration blocks that would benefit from being split into separate reference files. | 2 / 3 |
Total | 8 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
d41e58e
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.