lindy-enterprise-rbac
@jeremylongshore/lindy-enterprise-rbac
Configure enterprise role-based access control for Lindy AI. Use when setting up team permissions, managing access, or implementing enterprise security policies. Trigger with phrases like "lindy permissions", "lindy RBAC", "lindy access control", "lindy enterprise security".
Installation
$skills install @jeremylongshore/lindy-enterprise-rbac
Claude Code
Cursor
Copilot
Codex
Antigravity
Details
Pathplugins/saas-packs/lindy-pack/skills/lindy-enterprise-rbac/SKILL.md
Branchmain
Scoped Name@jeremylongshore/lindy-enterprise-rbac
Usage
After installing, this skill will be available to your AI coding assistant.
Verify installation:
skills listSkill Instructions
name: lindy-enterprise-rbac description: | Configure enterprise role-based access control for Lindy AI. Use when setting up team permissions, managing access, or implementing enterprise security policies. Trigger with phrases like "lindy permissions", "lindy RBAC", "lindy access control", "lindy enterprise security". allowed-tools: Read, Write, Edit version: 1.0.0 license: MIT author: Jeremy Longshore jeremy@intentsolutions.io
Lindy Enterprise RBAC
Overview
Implement enterprise-grade role-based access control for Lindy AI.
Prerequisites
- Lindy Enterprise account
- Admin access to organization
- Understanding of organizational structure
Instructions
Step 1: Define Roles
// rbac/roles.ts
interface Role {
name: string;
description: string;
permissions: Permission[];
}
enum Permission {
// Agent permissions
AGENT_CREATE = 'agent:create',
AGENT_READ = 'agent:read',
AGENT_UPDATE = 'agent:update',
AGENT_DELETE = 'agent:delete',
AGENT_RUN = 'agent:run',
// Automation permissions
AUTOMATION_CREATE = 'automation:create',
AUTOMATION_READ = 'automation:read',
AUTOMATION_UPDATE = 'automation:update',
AUTOMATION_DELETE = 'automation:delete',
// Admin permissions
USER_MANAGE = 'user:manage',
BILLING_VIEW = 'billing:view',
AUDIT_VIEW = 'audit:view',
SETTINGS_MANAGE = 'settings:manage',
}
const roles: Role[] = [
{
name: 'viewer',
description: 'Read-only access to agents and runs',
permissions: [
Permission.AGENT_READ,
Permission.AUTOMATION_READ,
],
},
{
name: 'developer',
description: 'Create and manage agents',
permissions: [
Permission.AGENT_CREATE,
Permission.AGENT_READ,
Permission.AGENT_UPDATE,
Permission.AGENT_RUN,
Permission.AUTOMATION_CREATE,
Permission.AUTOMATION_READ,
Permission.AUTOMATION_UPDATE,
],
},
{
name: 'operator',
description: 'Run agents and view automations',
permissions: [
Permission.AGENT_READ,
Permission.AGENT_RUN,
Permission.AUTOMATION_READ,
],
},
{
name: 'admin',
description: 'Full administrative access',
permissions: Object.values(Permission),
},
];
Step 2: Implement Permission Checker
// rbac/checker.ts
import { Lindy } from '@lindy-ai/sdk';
class PermissionChecker {
private lindy: Lindy;
private userPermissions: Map<string, Permission[]> = new Map();
constructor() {
this.lindy = new Lindy({ apiKey: process.env.LINDY_API_KEY });
}
async loadUserPermissions(userId: string): Promise<Permission[]> {
// Get user's role from Lindy
const user = await this.lindy.users.get(userId);
const role = roles.find(r => r.name === user.role);
if (!role) {
throw new Error(`Unknown role: ${user.role}`);
}
this.userPermissions.set(userId, role.permissions);
return role.permissions;
}
hasPermission(userId: string, permission: Permission): boolean {
const permissions = this.userPermissions.get(userId);
if (!permissions) {
return false;
}
return permissions.includes(permission);
}
requirePermission(userId: string, permission: Permission): void {
if (!this.hasPermission(userId, permission)) {
throw new Error(`Permission denied: ${permission}`);
}
}
}
Step 3: Create Protected Operations
// rbac/protected-lindy.ts
import { Lindy } from '@lindy-ai/sdk';
import { PermissionChecker, Permission } from './checker';
class ProtectedLindy {
private lindy: Lindy;
private checker: PermissionChecker;
private currentUserId: string;
constructor(userId: string) {
this.lindy = new Lindy({ apiKey: process.env.LINDY_API_KEY });
this.checker = new PermissionChecker();
this.currentUserId = userId;
}
async createAgent(config: any) {
this.checker.requirePermission(this.currentUserId, Permission.AGENT_CREATE);
return this.lindy.agents.create(config);
}
async runAgent(agentId: string, input: string) {
this.checker.requirePermission(this.currentUserId, Permission.AGENT_RUN);
return this.lindy.agents.run(agentId, { input });
}
async deleteAgent(agentId: string) {
this.checker.requirePermission(this.currentUserId, Permission.AGENT_DELETE);
return this.lindy.agents.delete(agentId);
}
async viewBilling() {
this.checker.requirePermission(this.currentUserId, Permission.BILLING_VIEW);
return this.lindy.billing.current();
}
}
Step 4: Team Management
// rbac/teams.ts
interface Team {
id: string;
name: string;
members: TeamMember[];
agents: string[]; // Agent IDs accessible to team
}
interface TeamMember {
userId: string;
role: string;
addedAt: Date;
}
class TeamManager {
private lindy: Lindy;
constructor() {
this.lindy = new Lindy({ apiKey: process.env.LINDY_API_KEY });
}
async createTeam(name: string, adminUserId: string): Promise<Team> {
const team = await this.lindy.teams.create({
name,
members: [{ userId: adminUserId, role: 'admin' }],
});
return team;
}
async addMember(teamId: string, userId: string, role: string): Promise<void> {
await this.lindy.teams.addMember(teamId, { userId, role });
}
async removeMember(teamId: string, userId: string): Promise<void> {
await this.lindy.teams.removeMember(teamId, userId);
}
async assignAgentToTeam(teamId: string, agentId: string): Promise<void> {
await this.lindy.teams.assignAgent(teamId, agentId);
}
async canAccessAgent(userId: string, agentId: string): Promise<boolean> {
const teams = await this.lindy.teams.list({ userId });
for (const team of teams) {
if (team.agents.includes(agentId)) {
return true;
}
}
return false;
}
}
Step 5: Audit Logging
// rbac/audit.ts
interface AuditEvent {
timestamp: Date;
userId: string;
action: string;
resource: string;
resourceId: string;
result: 'success' | 'denied' | 'error';
metadata?: Record<string, any>;
}
class AuditLogger {
async log(event: Omit<AuditEvent, 'timestamp'>): Promise<void> {
const auditEvent: AuditEvent = {
...event,
timestamp: new Date(),
};
// Store audit log
console.log('AUDIT:', JSON.stringify(auditEvent));
// Send to SIEM if configured
if (process.env.SIEM_ENDPOINT) {
await fetch(process.env.SIEM_ENDPOINT, {
method: 'POST',
body: JSON.stringify(auditEvent),
});
}
}
}
// Wrap operations with audit logging
async function auditedOperation<T>(
operation: () => Promise<T>,
eventDetails: Omit<AuditEvent, 'timestamp' | 'result'>
): Promise<T> {
const audit = new AuditLogger();
try {
const result = await operation();
await audit.log({ ...eventDetails, result: 'success' });
return result;
} catch (error: any) {
const result = error.message.includes('Permission denied') ? 'denied' : 'error';
await audit.log({ ...eventDetails, result, metadata: { error: error.message } });
throw error;
}
}
RBAC Checklist
[ ] Roles defined for organization
[ ] Permissions mapped to roles
[ ] Permission checker implemented
[ ] All operations protected
[ ] Teams configured
[ ] Audit logging enabled
[ ] Regular access reviews scheduled
[ ] SSO integration (if applicable)
[ ] MFA enforced for admins
Output
- Role definitions
- Permission checker
- Protected operations
- Team management
- Audit logging
Error Handling
| Issue | Cause | Solution |
|---|---|---|
| Permission denied | Missing role | Assign correct role |
| Role not found | Invalid role | Check role definitions |
| Audit failed | SIEM down | Queue and retry |
Examples
Complete RBAC Setup
async function setupRBAC() {
const lindy = new Lindy({ apiKey: process.env.LINDY_API_KEY });
// Create teams
const devTeam = await lindy.teams.create({ name: 'Development' });
const opsTeam = await lindy.teams.create({ name: 'Operations' });
// Add members with roles
await lindy.teams.addMember(devTeam.id, { userId: 'user1', role: 'developer' });
await lindy.teams.addMember(opsTeam.id, { userId: 'user2', role: 'operator' });
console.log('RBAC configured successfully');
}
Resources
Next Steps
Proceed to lindy-migration-deep-dive for advanced migrations.
More by jeremylongshore
View allrabbitmq-queue-setup
1,004Rabbitmq Queue Setup - Auto-activating skill for Backend Development. Triggers on: rabbitmq queue setup, rabbitmq queue setup Part of the Backend Development skill category.
model-evaluation-suite
1,004evaluating-machine-learning-models: This skill allows Claude to evaluate machine learning models using a comprehensive suite of metrics. It should be used when the user requests model performance analysis, validation, or testing. Claude can use this skill to assess model accuracy, precision, recall, F1-score, and other relevant metrics. Trigger this skill when the user mentions "evaluate model", "model performance", "testing metrics", "validation results", or requests a comprehensive "model evaluation".
neural-network-builder
1,004building-neural-networks: This skill allows Claude to construct and configure neural network architectures using the neural-network-builder plugin. It should be used when the user requests the creation of a new neural network, modification of an existing one, or assistance with defining the layers, parameters, and training process. The skill is triggered by requests involving terms like "build a neural network," "define network architecture," "configure layers," or specific mentions of neural network types (e.g., "CNN," "RNN," "transformer").
oauth-callback-handler
1,004Oauth Callback Handler - Auto-activating skill for API Integration. Triggers on: oauth callback handler, oauth callback handler Part of the API Integration skill category.