Skip to main content
AI/MLjeremylongshore

clade-enterprise-rbac

'Manage Anthropic workspaces, API keys, team access, and spending limits

Stars
2,267
Source
jeremylongshore/claude-code-plugins-plus-skills
Updated
2026-05-31
Slug
jeremylongshore--claude-code-plugins-plus-skills--clade-enterprise-rbac
View on GitHubRaw SKILL.md

// install — copy + paste into any project

mkdir -p .claude/skills && curl -fsSL https://raw.githubusercontent.com/jeremylongshore/claude-code-plugins-plus-skills/HEAD/plugins/saas-packs/claude-pack/skills/clade-enterprise-rbac/SKILL.md -o .claude/skills/clade-enterprise-rbac.md

Drops the SKILL.md into .claude/skills/clade-enterprise-rbac.md. Works with Claude Code, Cursor, and any agent that loads SKILL.md files from .claude/skills/.

Anthropic Enterprise & Access Management

Overview

Anthropic uses Organizations and Workspaces for access control. API keys are scoped to workspaces.

Organization Structure

Organization (your-company)
├── Workspace: Production
│   ├── API Key: prod-backend (Tier 4)
│   └── API Key: prod-frontend-proxy (Tier 2)
├── Workspace: Staging
│   └── API Key: staging-all (Tier 2)
└── Workspace: Development
    └── API Key: dev-team (Tier 1)

API Key Best Practices

Practice Why
One key per service/environment Isolate blast radius
Name keys descriptively prod-recommendation-service not key-1
Set spending limits per key Prevent runaway costs from bugs
Rotate quarterly Reduce exposure window
Never share dev and prod keys Different rate limit tiers

Spending Limits

Set in Anthropic Console → Settings → Limits:

  • Monthly spend limit: Hard cap on total spend
  • Per-key limits: Not yet available — use separate workspaces

Access Control Checklist

  • Separate workspaces for dev/staging/prod
  • Separate API keys per service
  • Spending alerts configured
  • Key rotation schedule (90 days)
  • Offboarding process: revoke keys when team members leave
  • Audit log review (Console → Logs)

Output

  • Separate workspaces for production, staging, and development
  • Dedicated API keys per service/environment with descriptive names
  • Spending limits and alerts configured
  • Key rotation schedule established (90-day cycle)
  • Access control checklist completed

Error Handling

Error Cause Solution
API Error Check error type and status code See clade-common-errors

Examples

See Organization Structure diagram, API Key Best Practices table, and Access Control Checklist above.

Resources

Next Steps

See clade-migration-deep-dive for migrating from other LLM providers.

Prerequisites

  • Anthropic Organization account at console.anthropic.com
  • Admin access to create workspaces and API keys
  • Understanding of environment isolation requirements

Instructions

Step 1: Review the patterns below

Each section contains production-ready code examples. Copy and adapt them to your use case.

Step 2: Apply to your codebase

Integrate the patterns that match your requirements. Test each change individually.

Step 3: Verify

Run your test suite to confirm the integration works correctly.