promptdojo_

Who gets to deploy a skill

Source-checking and evaluation are about whether a skill is safe and good. Access control is about who in your organization is allowed to make those calls. It's the part that's genuinely a management decision, so it's yours.

The controls you have

You met most of these in lesson two; here they are as governance levers:

  • The org-wide on switch. On Team and Enterprise plans, an administrator enables Skills for the organization before anyone uses them. Skills being usable at all is a deliberate, controlled choice.
  • Who can provision. Pushing a skill organization-wide runs through an administrator. That is the choke point for any skill that becomes a company standard, and it should stay a small, accountable set of people.
  • The off-by-default sharing. Because sharing with colleagues and publishing to the directory are off until switched on, no skill reaches others by accident. Every deployment is traceable to a person's decision.
  • Central audit. Administrators can see and review what skills are deployed across the organization. You can answer "what skills is the team running, and who put them there."

The policy worth writing down

Before skills spread, settle a few simple rules: who may publish a skill to the company directory, what review a skill goes through before an admin provisions it org-wide, and who owns each official skill once it's live. It does not need to be a long document. It needs to exist, so that "we have a skill for that" is always followed by a clear answer to "and who is accountable for it." A skill with no owner is the one that quietly goes stale and wrong.
