coderabbit-enterprise-rbac

Configure CodeRabbit enterprise access control, seat management, and organization policies. Use when managing who gets AI reviews, configuring organization-level defaults, or implementing access policies for CodeRabbit across teams. Trigger with phrases like "coderabbit SSO", "coderabbit RBAC", "coderabbit enterprise", "coderabbit roles", "coderabbit permissions", "coderabbit seats".

25 stars

byComeOnOliver

View on GitHub Installation ↓

Best use case

coderabbit-enterprise-rbac is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using coderabbit-enterprise-rbac should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/coderabbit-enterprise-rbac/SKILL.md --create-dirs "https://raw.githubusercontent.com/ComeOnOliver/skillshub/main/skills/jeremylongshore/claude-code-plugins-plus-skills/coderabbit-enterprise-rbac/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/coderabbit-enterprise-rbac/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How coderabbit-enterprise-rbac Compares

Feature / Agent	coderabbit-enterprise-rbac	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

AI Agents for Coding

Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.

SKILL.md Source

# CodeRabbit Enterprise RBAC

## Overview
Manage CodeRabbit AI code review access across an enterprise organization. CodeRabbit inherits repository permissions from your Git provider -- if a developer has write access to a repo and opens a PR, CodeRabbit reviews it. Enterprise controls focus on seat management, repository scoping, organization-level configuration, and review policy enforcement.

## Prerequisites
- CodeRabbit Pro or Enterprise plan
- GitHub Organization admin or GitLab Group owner role
- CodeRabbit GitHub App installed on the organization
- Access to CodeRabbit dashboard at app.coderabbit.ai

## Access Control Model
```
GitHub/GitLab Org Permissions
         │
         ▼
┌─────────────────────────┐
│ CodeRabbit GitHub App   │
│ Repository Access:      │
│  ├── All repositories   │ ← Reviews every PR in the org
│  └── Select repos only  │ ← Reviews only selected repos
└─────────┬───────────────┘
          │
          ▼
┌─────────────────────────┐
│ Seat Assignment         │
│  ├── Active committers  │ ← Auto-assigns seats to PR authors
│  └── Manual assignment  │ ← Admin picks who gets seats
└─────────┬───────────────┘
          │
          ▼
┌─────────────────────────┐
│ .coderabbit.yaml        │
│  ├── Org-level defaults │ ← .github repo
│  └── Repo-level overrides│ ← Per-repo customization
└─────────────────────────┘
```

## Instructions

### Step 1: Control Repository Access
```markdown
# In GitHub > Organization > Settings > Installed Apps > CodeRabbit:

Option A: "All repositories" (org-wide)
- Every repo gets AI reviews automatically
- New repos are covered immediately
- Higher seat count (every PR author = seat)

Option B: "Only select repositories" (targeted)
- Choose which repos get AI reviews
- Lower seat count
- New repos must be manually added

# Recommended: Start with Option B (select repos)
# Add repos in tiers based on risk/value
```

### Step 2: Configure Seat Management
```markdown
# In CodeRabbit Dashboard > Organization > Subscription:

1. Seat Policy Options:
   - "Active committers" → Auto-assign to anyone who opens a PR
   - "Manual assignment" → Admin explicitly assigns seats

2. Exclude Bot Accounts:
   - dependabot[bot]
   - renovate[bot]
   - github-actions[bot]
   - Any CI service accounts

3. Monitor Seat Usage:
   - Active seats: developers who opened PRs in last 30 days
   - Idle seats: no PR activity in 30+ days → candidates for removal

# Billing: ~$15/seat/month (Pro), custom (Enterprise)
# Only PR authors consume seats, not reviewers or commenters
```

### Step 3: Set Organization-Level Defaults
```yaml
# .github/.coderabbit.yaml (in the .github repo)
# Applied to ALL repos unless overridden by repo-level config

language: "en-US"
reviews:
  profile: "assertive"
  request_changes_workflow: false
  high_level_summary: true
  review_status: true
  poem: false
  sequence_diagrams: true

  auto_review:
    enabled: true
    drafts: false
    ignore_title_keywords:
      - "WIP"
      - "DO NOT MERGE"
      - "chore: bump"

  path_filters:
    - "!**/*.lock"
    - "!**/*.snap"
    - "!**/generated/**"
    - "!dist/**"
    - "!vendor/**"

  # Organization-wide coding standards
  path_instructions:
    - path: "**"
      instructions: |
        Org-wide rules:
        1. Flag hardcoded secrets, API keys, or credentials
        2. Check for proper error handling (no empty catch blocks)
        3. Verify input validation on API endpoints

chat:
  auto_reply: true
```

### Step 4: Team-Specific Repository Overrides
```yaml
# .coderabbit.yaml in a specific repo (overrides org defaults)
reviews:
  profile: "assertive"      # Can override org default
  request_changes_workflow: true   # This repo requires CR approval

  auto_review:
    enabled: true
    base_branches:
      - main                 # Only review PRs targeting main
    drafts: false

  path_instructions:
    - path: "src/auth/**"
      instructions: |
        SECURITY-CRITICAL path. Check for:
        - Auth bypass vulnerabilities
        - Injection attacks
        - Improper session handling
        - Token validation gaps
    - path: "src/payments/**"
      instructions: |
        PCI-SENSITIVE path. Check for:
        - Credit card data handling
        - Proper encryption usage
        - Audit logging of financial operations
    - path: "migrations/**"
      instructions: |
        Verify: backward compatibility, rollback safety,
        no data loss on down migration.
```

### Step 5: Audit Review Activity
```bash
set -euo pipefail
ORG="${1:-your-org}"

echo "=== CodeRabbit Org-Wide Review Audit ==="
echo "Organization: $ORG"
echo ""

# List repos with CodeRabbit installed
echo "--- Repos with CodeRabbit ---"
for REPO in $(gh repo list "$ORG" --limit 50 --json name --jq '.[].name'); do
  INSTALLED=$(gh api "repos/$ORG/$REPO/installation" --jq '.app_slug' 2>/dev/null || echo "none")
  if [ "$INSTALLED" = "coderabbitai" ]; then
    # Count recent reviews
    REVIEWS=$(gh api "repos/$ORG/$REPO/pulls?state=closed&per_page=10" --jq '.[].number' 2>/dev/null | \
      head -5 | xargs -I{} gh api "repos/$ORG/$REPO/pulls/{}/reviews" \
        --jq '[.[] | select(.user.login=="coderabbitai[bot]")] | length' 2>/dev/null | \
      awk '{sum+=$1} END {print sum+0}')
    echo "  $REPO: $REVIEWS reviews (last 5 PRs)"
  fi
done
```

### Step 6: Enterprise SSO and Compliance
```markdown
# CodeRabbit Enterprise plan includes:

1. SSO Integration:
   - GitHub Enterprise Cloud SSO (SAML)
   - GitLab SAML SSO
   - Automatic seat provisioning via SCIM

2. Data Residency:
   - Code is processed and not stored (ephemeral analysis)
   - Review comments stored in your Git provider (GitHub/GitLab)
   - CodeRabbit learnings stored on CodeRabbit servers
   - SOC 2 Type II certified

3. Compliance Features:
   - Audit logs available in enterprise dashboard
   - Data processing agreement (DPA) available
   - Custom data retention policies
   - IP allowlisting for self-hosted GitLab

# Contact: enterprise@coderabbit.ai for custom plans
```

## Output
- Repository access scoped to appropriate repos
- Seat management configured with bot exclusions
- Organization-level defaults deployed
- Team-specific review policies applied
- Audit script for review activity monitoring

## Error Handling
| Issue | Cause | Solution |
|-------|-------|----------|
| CodeRabbit not reviewing PRs | App not installed on repo | Add repo in GitHub App settings |
| Seat limit exceeded | Too many active committers | Remove inactive users or upgrade plan |
| Org config not applying | No `.github` repo in org | Create `.github` repo with `.coderabbit.yaml` |
| Repo config ignored | YAML syntax error | Validate YAML, check with `@coderabbitai configuration` |
| Bot consuming seats | Bot opens PRs | Exclude bot usernames in seat management |

## Resources
- [CodeRabbit Enterprise](https://coderabbit.ai/pricing)
- [Organization Config](https://docs.coderabbit.ai/guides/organization-level-config)
- [Seat Management](https://docs.coderabbit.ai/guides/seat-management)
- [SOC 2 Compliance](https://coderabbit.ai/security)

## Next Steps
For cost optimization, see `coderabbit-cost-tuning`.

Related Skills

kubernetes-rbac-analyzer

from ComeOnOliver/skillshub

Kubernetes Rbac Analyzer - Auto-activating skill for Security Advanced. Triggers on: kubernetes rbac analyzer, kubernetes rbac analyzer Part of the Security Advanced skill category.

exa-enterprise-rbac

from ComeOnOliver/skillshub

Manage Exa API key scoping, team access controls, and domain restrictions. Use when implementing multi-key access control, configuring per-team search limits, or setting up organization-level Exa governance. Trigger with phrases like "exa access control", "exa RBAC", "exa enterprise", "exa team keys", "exa permissions".

evernote-enterprise-rbac

from ComeOnOliver/skillshub

Implement enterprise RBAC for Evernote integrations. Use when building multi-tenant systems, implementing role-based access, or handling business accounts. Trigger with phrases like "evernote enterprise", "evernote rbac", "evernote business", "evernote permissions".

documenso-enterprise-rbac

from ComeOnOliver/skillshub

Configure Documenso enterprise role-based access control and team management. Use when implementing team permissions, configuring organizational roles, or setting up enterprise access controls. Trigger with phrases like "documenso RBAC", "documenso teams", "documenso permissions", "documenso enterprise", "documenso roles".

deepgram-enterprise-rbac

from ComeOnOliver/skillshub

Configure enterprise role-based access control for Deepgram integrations. Use when implementing team permissions, managing API key scopes, or setting up organization-level access controls. Trigger: "deepgram RBAC", "deepgram permissions", "deepgram access control", "deepgram team roles", "deepgram enterprise", "deepgram key scopes".

databricks-enterprise-rbac

from ComeOnOliver/skillshub

Configure Databricks enterprise SSO, Unity Catalog RBAC, and organization management. Use when implementing SSO integration, configuring role-based permissions, or setting up organization-level controls with Unity Catalog. Trigger with phrases like "databricks SSO", "databricks RBAC", "databricks enterprise", "unity catalog permissions", "databricks SCIM".

coreweave-enterprise-rbac

from ComeOnOliver/skillshub

Configure RBAC and namespace isolation for CoreWeave multi-team GPU access. Use when managing team permissions, isolating GPU quotas, or implementing namespace-level access control. Trigger with phrases like "coreweave rbac", "coreweave permissions", "coreweave namespace isolation", "coreweave team access".

cohere-enterprise-rbac

from ComeOnOliver/skillshub

Configure Cohere enterprise API key management, role-based access, and org controls. Use when implementing multi-team API key management, per-team usage limits, or setting up organization-level controls for Cohere. Trigger with phrases like "cohere enterprise", "cohere RBAC", "cohere team keys", "cohere org management", "cohere access control".

coderabbit-webhooks-events

from ComeOnOliver/skillshub

Implement CodeRabbit webhook signature validation and event handling. Use when setting up webhook endpoints, implementing signature verification, or handling CodeRabbit event notifications securely. Trigger with phrases like "coderabbit webhook", "coderabbit events", "coderabbit webhook signature", "handle coderabbit events", "coderabbit notifications".

coderabbit-upgrade-migration

from ComeOnOliver/skillshub

Update CodeRabbit configuration for new features, migrate between plans, and adopt new capabilities. Use when CodeRabbit releases new features, upgrading from Free to Pro plan, or updating .coderabbit.yaml schema for new options. Trigger with phrases like "upgrade coderabbit", "coderabbit new features", "update coderabbit config", "coderabbit plan upgrade", "coderabbit changelog".

coderabbit-security-basics

from ComeOnOliver/skillshub

Configure CodeRabbit for security-focused code review with secret detection and vulnerability scanning. Use when setting up security review rules, configuring secret detection in PRs, or hardening CodeRabbit configuration for compliance requirements. Trigger with phrases like "coderabbit security", "coderabbit secrets", "secure coderabbit", "coderabbit vulnerability detection", "coderabbit security review".

coderabbit-sdk-patterns

from ComeOnOliver/skillshub

Apply production-ready CodeRabbit automation patterns using GitHub API and PR comments. Use when building automation around CodeRabbit reviews, processing review feedback programmatically, or integrating CodeRabbit into custom workflows. Trigger with phrases like "coderabbit automation", "coderabbit API patterns", "automate coderabbit", "coderabbit github api", "process coderabbit reviews".