Configure Mistral AI enterprise access control and organization management. Use when implementing role-based permissions, managing team access, or setting up organization-level controls for Mistral AI. Trigger with phrases like "mistral access control", "mistral RBAC", "mistral enterprise", "mistral roles", "mistral permissions", "mistral team".
From mistral-packnpx claudepluginhub nickloveinvesting/nick-love-plugins --plugin mistral-packThis skill is limited to using the following tools:
Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.
Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.
Details PluginEval's skill quality evaluation: 3 layers (static, LLM judge), 10 dimensions, rubrics, formulas, anti-patterns, badges. Use to interpret scores, improve triggering, calibrate thresholds.
Control access to Mistral AI models and API resources at the organization level. Mistral uses API key scoping and La Plateforme workspace management to separate environments.
set -euo pipefail
# Create a key restricted to small models only (cost-safe for junior devs)
curl -X POST https://api.mistral.ai/v1/api-keys \
-H "Authorization: Bearer $MISTRAL_ADMIN_KEY" \
-d '{
"name": "dev-team-small-only",
"allowed_models": ["mistral-small-latest", "codestral-latest"],
"rate_limit_rpm": 100
}'
# Create an unrestricted key for the ML team
curl -X POST https://api.mistral.ai/v1/api-keys \
-H "Authorization: Bearer $MISTRAL_ADMIN_KEY" \
-d '{
"name": "ml-team-full-access",
"allowed_models": ["mistral-small-latest", "mistral-large-latest", "mistral-embed"],
"rate_limit_rpm": 500 # HTTP 500 Internal Server Error
}'
// mistral-gateway.ts - Proxy that checks roles before forwarding
const ROLE_MODEL_MAP: Record<string, string[]> = {
analyst: ['mistral-small-latest'],
developer: ['mistral-small-latest', 'codestral-latest', 'mistral-embed'],
senior: ['mistral-small-latest', 'mistral-large-latest', 'mistral-embed'],
admin: ['*'],
};
function canUseModel(role: string, model: string): boolean {
const allowed = ROLE_MODEL_MAP[role];
return allowed?.includes('*') || allowed?.includes(model) || false;
}
Navigate to La Plateforme > Organization > Billing and set monthly budget caps. Configure alerts at 50%, 80%, and 95% thresholds. Each API key can also have independent rate limits to prevent a single integration from consuming the entire budget.
set -euo pipefail
# List all API keys and their last-used timestamps
curl https://api.mistral.ai/v1/api-keys \
-H "Authorization: Bearer $MISTRAL_ADMIN_KEY" | \
jq '.data[] | {name, created_at, last_used_at, allowed_models}'
# Revoke a compromised key
curl -X DELETE https://api.mistral.ai/v1/api-keys/key_abc123 \
-H "Authorization: Bearer $MISTRAL_ADMIN_KEY"
Automate 90-day key rotation. Create the new key, update consuming services, then delete the old key after a 24-hour overlap window.
| Issue | Cause | Solution |
|---|---|---|
401 Unauthorized | API key revoked or invalid | Generate new key on La Plateforme |
403 model not allowed | Key restricted from that model | Use a key with broader model scope |
429 rate limit | Key RPM cap exceeded | Increase rate limit or distribute load across keys |
| Spending alert triggered | Monthly budget near cap | Review usage by key; restrict heavy consumers |
Basic usage: Apply mistral enterprise rbac to a standard project setup with default configuration options.
Advanced scenario: Customize mistral enterprise rbac for production environments with multiple constraints and team-specific requirements.