Free SKILL.md scraped from GitHub. Clone the repo or copy the file directly into your Claude Code skills directory.
npx versuz@latest install jeremylongshore-claude-code-plugins-plus-skills-plugins-saas-packs-claude-pack-skills-clade-enterprise-rbacgit clone https://github.com/jeremylongshore/claude-code-plugins-plus-skills.gitcp claude-code-plugins-plus-skills/SKILL.MD ~/.claude/skills/jeremylongshore-claude-code-plugins-plus-skills-plugins-saas-packs-claude-pack-skills-clade-enterprise-rbac/SKILL.md---
name: clade-enterprise-rbac
description: 'Manage Anthropic workspaces, API keys, team access, and spending limits
Use when working with enterprise-rbac patterns.
for enterprise Claude deployments.
Trigger with "anthropic workspace", "anthropic team management",
"claude enterprise", "anthropic api key management".
'
allowed-tools: Read, Write, Edit
version: 1.0.0
license: MIT
author: Jeremy Longshore <jeremy@intentsolutions.io>
tags:
- saas
- anthropic
- claude
- enterprise
- rbac
compatibility: Designed for Claude Code
---
# Anthropic Enterprise & Access Management
## Overview
Anthropic uses **Organizations** and **Workspaces** for access control. API keys are scoped to workspaces.
## Organization Structure
```
Organization (your-company)
├── Workspace: Production
│ ├── API Key: prod-backend (Tier 4)
│ └── API Key: prod-frontend-proxy (Tier 2)
├── Workspace: Staging
│ └── API Key: staging-all (Tier 2)
└── Workspace: Development
└── API Key: dev-team (Tier 1)
```
## API Key Best Practices
| Practice | Why |
|----------|-----|
| One key per service/environment | Isolate blast radius |
| Name keys descriptively | `prod-recommendation-service` not `key-1` |
| Set spending limits per key | Prevent runaway costs from bugs |
| Rotate quarterly | Reduce exposure window |
| Never share dev and prod keys | Different rate limit tiers |
## Spending Limits
Set in Anthropic Console → Settings → Limits:
- **Monthly spend limit**: Hard cap on total spend
- **Per-key limits**: Not yet available — use separate workspaces
## Access Control Checklist
- [ ] Separate workspaces for dev/staging/prod
- [ ] Separate API keys per service
- [ ] Spending alerts configured
- [ ] Key rotation schedule (90 days)
- [ ] Offboarding process: revoke keys when team members leave
- [ ] Audit log review (Console → Logs)
## Output
- Separate workspaces for production, staging, and development
- Dedicated API keys per service/environment with descriptive names
- Spending limits and alerts configured
- Key rotation schedule established (90-day cycle)
- Access control checklist completed
## Error Handling
| Error | Cause | Solution |
|-------|-------|----------|
| API Error | Check error type and status code | See `clade-common-errors` |
## Examples
See Organization Structure diagram, API Key Best Practices table, and Access Control Checklist above.
## Resources
- [Console Dashboard](https://console.anthropic.com)
- [Organization Settings](https://console.anthropic.com/settings)
- [Enterprise Plans](https://www.anthropic.com/enterprise)
## Next Steps
See `clade-migration-deep-dive` for migrating from other LLM providers.
## Prerequisites
- Anthropic Organization account at [console.anthropic.com](https://console.anthropic.com)
- Admin access to create workspaces and API keys
- Understanding of environment isolation requirements
## Instructions
### Step 1: Review the patterns below
Each section contains production-ready code examples. Copy and adapt them to your use case.
### Step 2: Apply to your codebase
Integrate the patterns that match your requirements. Test each change individually.
### Step 3: Verify
Run your test suite to confirm the integration works correctly.