Using SkillMeat Enterprise Features¶
SkillMeat's enterprise edition enables organizations to manage Claude Code artifacts across multiple teams while maintaining clear ownership, permissions, and governance. This guide explains the enterprise features from a user perspective — what you can do, how to access resources, and how permissions work.
For administrative setup and configuration, see the Enterprise Admin Workflow Guide.
Walkthrough available
See the Team / Enterprise Admin Walkthrough for a complete enterprise setup journey.
Overview¶
The enterprise edition adds five key capabilities over the local edition:
| Feature | What it enables |
|---|---|
| Multi-team support | Organize artifacts by team, with team-scoped visibility and permissions |
| Authentication & sessions | Sign in with SSO (Clerk) or local credentials; manage active sessions |
| Role-based access control (RBAC) | Reader, Contributor, Maintainer, and Admin roles with granular permissions |
| Governance & approvals | Approval workflows for publishing shared artifacts; audit trails of all actions |
| Federation | Access artifacts across organizational boundaries; configure data regions for GDPR compliance |
What's in the Enterprise Stack¶
When your admin deploys enterprise edition using containers, they deploy four core services:
- SkillMeat API — FastAPI backend with PostgreSQL integration
- Web UI — Next.js frontend for the admin dashboard and user interface
- PostgreSQL Database — Multi-tenant data store with row-level security
- Documentation Site — MkDocs Material site with guides and API reference
Before using enterprise features, ensure your admin has completed initial seed verification. See Enterprise Admin Workflow for details.
You don't need to set up enterprise features yourself — your admin provisions teams, assigns roles, and configures governance. This guide explains how to use what's available to you.
Prerequisites¶
Before using enterprise features, confirm:
- Your organization deployed enterprise edition — check with your admin or see Edition Feature Matrix
- You have a user account — created by your admin or via SSO sign-in
- You're assigned to a team — your admin added you during onboarding
- You know your role — Reader, Contributor, Maintainer, or Admin (ask your admin if unsure)
Multi-Team Setup (User Perspective)¶
Switching Teams¶
When multiple teams exist, you can switch between them in the web UI:
- Go to your profile menu (top-right corner)
- Select "Switch Team" or click your current team name
- Choose a team from the dropdown
- Your Collection view updates to show that team's artifacts and shared resources
Team Assignment Required
You can only see teams you're a member of. If you need access to another team, ask your admin to add you.
Understanding Team-Scoped Collections¶
Each team has its own team collection — a shared space for artifacts the team manages together. Team collections are:
- Shared: All team members can see them (subject to individual permissions)
- Governed: Approval workflows may be required before publishing (if enabled)
- Audited: All changes are logged in the audit trail
Personal vs. Team Collections¶
Your artifacts live in two scopes:
| Scope | Visibility | Who can access |
|---|---|---|
| Personal | Only you (by default) | Just you, unless you share |
| Team | Your team (by default) | All team members with appropriate role |
When you create or import an artifact, choose whether it goes to your personal collection or the team collection. You can move artifacts between scopes later (subject to permissions).
Talk to your admin
If you can't find a team or collection you expect to see, ask your admin to verify your team membership and permissions.
Authentication¶
Sign-In Flow¶
How you sign in depends on your organization's configuration:
SSO (Clerk) Sign-In: 1. Navigate to the SkillMeat login page 2. Click "Sign in with SSO" (or your organization's identity provider) 3. Authenticate with your corporate credentials 4. You're redirected to SkillMeat with an active session
Local Credentials: 1. Navigate to the login page 2. Enter your username/email and password 3. Click "Sign in" 4. You're logged in to your account
Managing Sessions¶
Your session remains active until you:
- Sign out manually — click your profile menu and select "Sign out"
- Session expires — typically after 30 days of inactivity (ask your admin for the exact timeout)
- Admin revokes session — in case of security incident or role change
You can have multiple active sessions (e.g., web browser + API client). Sign out of all sessions from your profile settings if needed.
API Keys for Programmatic Use¶
To use SkillMeat's API outside the web UI (CLI, scripts, integrations):
- Go to your profile settings
- Select "API Keys"
- Generate a new key — give it a descriptive name (e.g., "CI/CD Pipeline")
- Copy the key immediately — you won't see it again
- Store securely — treat like a password; rotate periodically
Use your API key with the Authorization: Bearer <YOUR_KEY> header in API requests.
API Key Security
Never commit API keys to version control. Use environment variables or secrets management. Rotate keys regularly. Contact your admin if a key is compromised.
Full API Reference
Complete API documentation coming in Phase 5. For now, ask your admin for endpoint details or check the OpenAPI spec at /api/openapi.json.
Role-Based Access Control (RBAC)¶
Your role determines what you can do in SkillMeat. Roles are assigned per team — you might be an Admin in one team and a Contributor in another.
The Four Roles¶
| Role | Permissions | Can do |
|---|---|---|
| Reader | Read-only | View artifacts, collections, and governance history. Cannot modify or deploy. |
| Contributor | Create, edit own | Create personal artifacts. Edit/publish your own artifacts. Cannot delete others' work. |
| Maintainer | Team management | Edit team artifacts. Approve/merge changes. Manage team deployments. Audit changes. |
| Admin | Full control | Create, edit, delete any team artifacts. Configure governance settings. Manage team membership. |
Hierarchy: Admin > Maintainer > Contributor > Reader
What You Can Do by Role¶
Reader¶
- View team collection and shared artifacts
- Read governance history and approvals
- View artifact versions and audit trails
- Cannot modify or deploy anything
Contributor¶
- Everything a Reader can do, plus:
- Create personal artifacts
- Edit/update your own artifacts
- Publish personal artifacts to the marketplace
- Deploy artifacts you own to projects
Maintainer¶
- Everything a Contributor can do, plus:
- Edit team-owned artifacts
- Review and approve pending changes (if approval workflow enabled)
- Merge conflicts during synchronization
- Audit all team activity
- Configure team-level governance (if admin allows)
Admin¶
- Everything a Maintainer can do, plus:
- Delete any artifact (personal or team-owned)
- Configure team governance policies
- Manage team membership and role assignments
- Reassign artifact ownership
- Force-sync conflicted artifacts
Requesting Elevated Access¶
If you need higher permissions:
- Identify what you need — e.g., "I need to delete an obsolete artifact" or "I need to approve team changes"
- Contact your team admin — in Slack, email, or your organization's chat
- Admin can temporarily elevate — grant you the role, or reassign the artifact for action
- Request is logged — all permission changes appear in the audit trail
Governance & Approvals¶
Approval Workflows¶
If your team has approval workflows enabled, certain actions require approval before taking effect:
- Publishing to marketplace — your artifact awaits team review
- Deploying across teams — federation deployments may need approval
- Making team artifacts public — governance requires sign-off
Workflow for Artifact Publishing:
- You submit an artifact for publishing
- Maintainers see it in the Pending Approvals queue
- They review and approve/request changes
- Once approved, the artifact is published
- You receive a notification
Ask Your Admin
Check whether your team requires approvals. If you're unsure why an artifact is pending, ask a Maintainer or Admin.
Audit Logs¶
All actions in SkillMeat are logged — who made what change, when, and why. You can view audit logs for artifacts you have access to:
- Open the artifact in the web UI
- Click "Activity" or "Audit Trail" tab
- Review the log — see who created, modified, deployed, or accessed the artifact
- Filter by date or person — find specific events
Audit logs help you: - Track who last modified a critical artifact - Verify approvals were followed - Investigate unexpected changes - Comply with governance policies
For admin-level audit views (organization-wide activity), see the Enterprise Admin Workflow Guide.
Federation¶
Federation allows access to artifacts across organizational boundaries — useful for shared tooling, vendor integrations, or partner collaboration.
Accessing Federated Artifacts¶
Artifacts from partner organizations appear in a "Federated" or "Shared" collection when:
- Your admin configured federation — established a trust relationship with the partner org
- You're granted access — the partner assigned your team read/write permissions
- The artifact was published — partner shared it with your organization
To use a federated artifact:
- Navigate to Collections → Shared or Federated
- Select the partner organization
- Browse their published artifacts
- Click an artifact to view details and deploy to your projects
Admin Configuration Required
Federation setup is fully handled by admins. If you don't see federated artifacts but expect to, ask your admin to verify the federation configuration.
Data Regions & GDPR¶
Federation respects data regions — geographic restrictions on where artifacts and associated data can reside:
- Local region artifacts — stay within your organization's region (e.g., EU, US)
- Cross-region federation — requires additional compliance checks
- GDPR compliance — personal data in federated artifacts may be restricted
Your admin configures data regions. If federation is available, region compliance is already handled.
Troubleshooting¶
"Access Denied" or 403 Errors¶
Symptom: You see "Access Denied" when trying to view or modify an artifact.
Causes: - Your role lacks the required permission - The artifact is owned by another team you don't belong to - Your session expired
Solutions: 1. Refresh the page — your session may have timed out 2. Check your role — ask your admin if you have the right role 3. Verify team membership — confirm you're in the artifact's team 4. Request elevated access — ask an Admin to grant higher permissions if needed
Team Not Visible¶
Symptom: A team you expect to see doesn't appear in the team switcher.
Causes: - You're not a member of that team - The team was archived or removed - Your admin hasn't added you yet
Solutions: 1. Ask your admin to verify your team membership 2. Check your email for a team invitation 3. Request access if you need to join a specific team
Artifact Stuck in "Pending Approval"¶
Symptom: Your artifact has been pending approval for days.
Causes: - No Maintainer has reviewed it yet - The approval workflow is blocked waiting for feedback
Solutions: 1. Check with a Maintainer — ask if they're reviewing 2. Request feedback in a comment (if supported) 3. Ask your admin if the workflow is misconfigured
Federation Sync Lag¶
Symptom: A partner's artifact shows an old version even though they just published a new one.
Causes: - Federation sync runs on a schedule (typically every 5–15 minutes) - Network connectivity issues between organizations
Solutions: 1. Wait for next sync — the new version should appear shortly 2. Ask your admin to manually trigger a sync (if available) 3. Check federation logs if the artifact doesn't update after 30 minutes
Next Steps¶
- Enterprise Admin Workflow Guide — for admins managing teams, governance, and deployments
- Marketplace Full Guide — understand the publishing and approval workflows in detail
- Edition Feature Matrix — complete reference of enterprise vs. local features
- Ask your team admin — they're your best resource for organization-specific setup and policies