granola-enterprise-rbac
tessl install github:jeremylongshore/claude-code-plugins-plus-skills --skill granola-enterprise-rbacEnterprise role-based access control for Granola. Use when configuring user roles, setting permissions, or implementing access control policies. Trigger with phrases like "granola roles", "granola permissions", "granola access control", "granola RBAC", "granola admin".
Review Score
71%
Validation Score
13/16
Implementation Score
50%
Activation Score
90%
Generated
Validation
Total
13/16Score
Passed| Criteria | Score |
|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) |
metadata_version | 'metadata' field is not a dictionary |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata |
Implementation
Suggestions 4
Score
50%Overall Assessment
This skill provides comprehensive RBAC documentation with well-structured permission matrices and role definitions. However, it's overly verbose for a skill file, lacks executable code/API examples, and would benefit from splitting detailed reference content into separate files. The workflows need explicit validation steps for role changes and access modifications.
Suggestions
- Add executable API calls or CLI commands for role assignment instead of UI-based instructions (e.g., `curl -X POST /api/users/{id}/role -d '{"role": "team_lead"}'`)
- Split detailed content (permission matrices, SSO configuration, audit policies) into separate reference files and link from a concise overview
- Add validation checkpoints to workflows: after role assignment, include steps to verify the change took effect (e.g., 'Verify: Check user's effective permissions in Settings > Users > [user] > Permissions')
- Consolidate the seven role definition YAML blocks into a single comparison table to reduce redundancy
| Dimension | Score | Reasoning |
|---|---|---|
Conciseness | 2/3 | The content is comprehensive but includes some redundancy - the role definitions in YAML format repeat information that could be consolidated. The permission matrices are efficient, but the overall document could be tightened by combining similar sections. |
Actionability | 2/3 | Provides structured YAML configurations and permission matrices, but lacks executable code or API calls. The 'Via Admin Panel' steps are UI-based instructions rather than programmatic commands, and custom role definitions are templates rather than copy-paste ready implementations. |
Workflow Clarity | 2/3 | Role assignment and lifecycle workflows are listed but lack validation checkpoints. The 'Quarterly Access Review' has a checklist but no verification steps to confirm changes were applied correctly. Missing feedback loops for role changes (e.g., verify role applied, test access). |
Progressive Disclosure | 2/3 | Content is well-organized with clear sections and headers, but the document is monolithic - detailed permission matrices, SSO configuration, and audit policies could be split into separate reference files. External links are provided but internal file references for detailed topics are missing. |
Activation
Suggestions 1
Score
90%Overall Assessment
This is a well-structured skill description with excellent trigger term coverage and clear 'when to use' guidance. The main weakness is that the capabilities could be more specific - it describes the domain well but doesn't enumerate concrete actions like creating roles, assigning permissions to specific resources, or auditing access. The Granola-specific naming provides strong distinctiveness.
Suggestions
- Add more specific concrete actions such as 'create and manage user roles', 'assign granular permissions to resources', 'audit access logs', or 'configure role hierarchies' to improve specificity.
| Dimension | Score | Reasoning |
|---|---|---|
Specificity | 2/3 | Names the domain (role-based access control for Granola) and mentions some actions (configuring roles, setting permissions, implementing policies), but lacks specific concrete actions like 'create admin roles', 'assign read-only permissions', or 'audit access logs'. |
Completeness | 3/3 | Clearly answers both what (enterprise role-based access control for Granola) and when (configuring roles, setting permissions, implementing access control policies) with explicit trigger phrases provided. |
Trigger Term Quality | 3/3 | Explicitly lists natural trigger phrases users would say: 'granola roles', 'granola permissions', 'granola access control', 'granola RBAC', 'granola admin'. Good coverage of variations including the technical acronym RBAC. |
Distinctiveness Conflict Risk | 3/3 | Highly distinctive due to the specific product name 'Granola' combined with RBAC domain. The explicit trigger phrases all include 'granola' prefix, making conflicts with generic access control skills unlikely. |