From evernote-pack
Implements Evernote RBAC with permission mapping, authorization middleware, multi-tenant isolation, and Evernote Business account integration.
How this skill is triggered — by the user, by Claude, or both
Slash command
/evernote-pack:evernote-enterprise-rbacThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Implement role-based access control for Evernote integrations, including Evernote Business account handling, shared notebook permissions, multi-tenant architecture, and authorization middleware.
Implement role-based access control for Evernote integrations, including Evernote Business account handling, shared notebook permissions, multi-tenant architecture, and authorization middleware.
Evernote has built-in sharing permissions for notebooks: READ_NOTEBOOK, MODIFY_NOTEBOOK_PLUS_ACTIVITY, READ_NOTEBOOK_PLUS_ACTIVITY, GROUP, FULL_ACCESS. Map these to your application's role system.
const EvernotePermissions = {
READ: 'READ_NOTEBOOK',
WRITE: 'MODIFY_NOTEBOOK_PLUS_ACTIVITY',
FULL: 'FULL_ACCESS'
};
const AppRoles = {
viewer: [EvernotePermissions.READ],
editor: [EvernotePermissions.READ, EvernotePermissions.WRITE],
admin: [EvernotePermissions.FULL]
};
Build a service that checks whether a user has the required permission for an operation. Query shared notebook privileges via noteStore.listSharedNotebooks() and getSharedNotebookByAuth().
class RBACService {
async canAccess(userToken, notebookGuid, requiredPermission) {
const noteStore = this.getAuthenticatedNoteStore(userToken);
const sharedNotebooks = await noteStore.listSharedNotebooks();
const shared = sharedNotebooks.find(sn => sn.notebookGuid === notebookGuid);
if (!shared) return false;
return this.hasPermission(shared.privilege, requiredPermission);
}
}
Create Express middleware that validates the user's Evernote token and checks permissions before allowing access to protected routes.
For Evernote Business accounts, use authenticateToBusiness() to get a business token. Business notebooks are shared across the organization. Use getBusinessNotebooks() to list them.
Isolate tenant data by scoping all Evernote operations to the tenant's access token. Never mix tokens between tenants. Store tenant-to-token mappings with encryption at rest.
For the full RBAC service, middleware, Business account integration, and multi-tenant architecture, see Implementation Guide.
RBACService class with permission checking| Error | Cause | Solution |
|---|---|---|
PERMISSION_DENIED | User lacks required notebook permission | Verify shared notebook privileges |
INVALID_AUTH | Business token expired | Re-authenticate with authenticateToBusiness() |
| Tenant data leak | Token scoping error | Validate tenant ID on every request |
LIMIT_REACHED on sharing | Too many shared notebooks | Clean up unused shares (500 max per notebook) |
For migration strategies, see evernote-migration-deep-dive.
Team workspace: Create a shared notebook for each team. Assign editor role to team members and viewer role to stakeholders. Use middleware to enforce permissions on all note operations.
Business account sync: Authenticate to the business account, list all business notebooks, and sync shared notes to a central dashboard accessible by all organization members.
2plugins reuse this skill
First indexed Jul 18, 2026
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin evernote-packImplements security best practices for Evernote API integrations, including OAuth hardening, credential management, and token lifecycle protection. Trigger with 'evernote security' or 'secure evernote'.
Implements access control for multi-user Apple Notes automation using account separation, folder-based permissions, and MDM profiles. Triggers on 'apple notes access control'.
Implements OAuth 2.0 authorization, per-workspace token storage, Notion page-level permission handling, and audit logging for enterprise Notion integrations.