Domain 6 · Task Statement 6.6
Enterprise Governance: RBAC, Spend Limits, Analytics & OpenTelemetry
TL;DR
Master the enterprise governance surface that shipped with Cowork's April 2026 GA release: role-based access controls and groups, group spend limits, the Cowork Analytics dashboard and API, OpenTelemetry monitoring, and the Zoom MCP connector — plus the audit-log gap that none of these features close.
What You Need to Know
When Cowork went generally available on 9 April 2026, Anthropic shipped a parallel release aimed squarely at admins: the people who get paged when an AI deployment goes sideways. Five governance features landed together. Role-based access controls. Group spend limits. The Cowork Analytics dashboard and API. Expanded OpenTelemetry. A Zoom MCP connector.
Each one closes a real gap that early enterprise adopters had been asking about. None of them closes the audit-log gap, which still rules out regulated workloads. That distinction matters, and the exam will test whether you hold it clearly in your head.
This lesson is the final piece of Domain 6. By the end you'll know what each feature does, which plan tier it needs, where the limits sit, and how to put it to work.
Role-based access controls (RBAC) — Enterprise only
On Enterprise plans, admins can now organise users into groups and assign each group a custom role that defines which Cowork capabilities its members can use. Two ways to populate groups:
- Manually, from the admin console
- Via SCIM, sourced from your identity provider so groups stay in sync with your existing organisation structure
A custom role might enable Cowork for a single team while leaving it off for the rest of the company. It might narrow MCP tool permissions for one group and leave them wide open for another. It might gate plugin installation by team. Team plans don't get any of this. Cowork remains all-or-nothing on Team, and if you see older study material claiming "no per-user granularity on any plan", treat it as pre-GA and out of date for Enterprise.
The practical pattern: pilot Cowork with one group (often Operations, or a friendly engineering team), watch the OpenTelemetry stream for a few weeks, then expand the role assignments as confidence grows. RBAC turns "deploy or don't" into a phased rollout you can manage week by week.
Group spend limits — predictable costs by team
Heavy Cowork usage burns tokens fast: sub-agents, tool calls, screen interaction, web browsing. Enterprise admins can now set per-team budgets directly from the admin console and adjust them as they learn what each team actually needs. Engineering will spike during release weeks. Finance will settle into a predictable rhythm around close. Combined with the Analytics surface below, this turns Cowork into a line item rather than a surprise.
Cowork Analytics: dashboard + API
Cowork usage now appears in the admin dashboard at Analytics > Cowork for Team and Enterprise plans. You get:
- Cowork sessions per day
- Percentage of users with one or more Cowork sessions
- Daily, weekly, and monthly active Cowork users (DAU/WAU/MAU)
On Enterprise, the same data is available via the Analytics API. That gives you programmatic access for your own dashboards, including per-user activity, skill invocations, and connector invocations alongside the existing Chat and Claude Code metrics. This is the right surface for adoption tracking, ROI denominators, and the "which workflows are actually landing" questions leadership will eventually ask.
OpenTelemetry monitoring — the security visibility surface
OpenTelemetry support expanded with the GA release. On Team and Enterprise plans (Claude Desktop 1.1.4173+), Cowork streams events for:
- User prompts — full text of prompts users submit
- Tool and MCP invocations — server name, tool name, parameters, success/failure, execution time
- File access — paths Claude reads or modifies, including via MCP and folder-scoped local files
- Skills and plugins — which were invoked in the session
- Human approval decisions — whether each AI-initiated action was approved manually, rejected, or auto-approved by existing permissions
- API requests and errors — model, token counts, estimated cost, duration, errors
A shared prompt.id attribute links every event triggered by a single user prompt, so you can reconstruct exactly what Claude did in response to one input. That matters a lot during an incident investigation. Compatible collectors include Splunk, Cribl, Elasticsearch, Loki, ClickHouse, Honeycomb, and Datadog.
OpenTelemetry is not audit logging
Anthropic is explicit about this: OpenTelemetry events do not satisfy formal audit requirements. Cowork activity remains excluded from Audit Logs, the Compliance API, and Data Exports. If your workloads are governed by HIPAA, SOX, PCI-DSS, or SOC 2, OpenTelemetry does not close that gap. Lesson 6.3 covers the audit blind spot in depth.
Zoom MCP connector
Zoom shipped an MCP connector alongside the 9 April release. It was the first major third-party vendor to launch a Cowork integration this way. The connector surfaces AI Companion meeting summaries, action items, transcripts, and smart recordings inside Cowork sessions, so you can ask Claude "summarise yesterday's leadership review and draft the follow-ups" without leaving the desktop app. Add it from the connector directory in Claude's settings. Treat it as a template for the ecosystem to come. More vendors will follow.
What still didn't change
Be clear with your security and compliance partners about what the GA release did not do:
- Cowork is still excluded from Audit Logs, the Compliance API, and Data Exports. OpenTelemetry helps but does not substitute.
- Computer Use is still research preview and still restricted to Pro and Max plans. Team and Enterprise do not have access.
- Local data residency still applies. Cowork conversation history and outputs live on the user's machine. Anthropic's geographic and ZDR guarantees don't extend to local files.
- Team plans remain all-or-nothing on the Cowork toggle. RBAC is Enterprise-only.
These aren't bugs Anthropic forgot to fix. They're deliberate architectural boundaries, and you need to communicate them honestly when you pitch a deployment.
Common Mistakes
Common Mistake
Telling leadership that Cowork now has full audit coverage because OpenTelemetry events are flowing into Splunk.
Instead: OpenTelemetry is observability, not audit logging. Cowork activity remains excluded from Audit Logs, Compliance API, and Data Exports — Anthropic states this explicitly. Be precise: 'we have telemetry for security monitoring and adoption tracking; we do not have a formal audit trail that satisfies regulated frameworks.'
Common Mistake
Buying Team plan for the Finance team specifically so you can give them Computer Use to automate spreadsheet work.
Instead: Team and Enterprise plans do not currently have access to Computer Use. Computer Use is in research preview on Pro and Max plans only. If a specific team genuinely needs Computer Use today, the only path is individual Pro or Max subscriptions — but you lose Team-plan governance. Most spreadsheet automation should use the Office agents (Excel, PowerPoint, Word) instead.
Common Mistake
Assuming RBAC means you can finally restrict Cowork on Team plans by department.
Instead: RBAC is Enterprise-only. Team plans remain all-or-nothing on the Cowork toggle — there are no groups or custom roles. If your governance model requires per-team enablement and you're on Team, you have two real options: stay all-or-nothing, or move to Enterprise.
Standing up Cowork for a 200-person Enterprise org
Before
Toggle Cowork on for the whole organisation. Hope no one breaks anything. Pull adoption numbers from a Slack survey three months later.
After
1. Create a SCIM-mapped 'cowork-pilot' group with 15 willing users.
2. Assign a custom role that enables Cowork but disables external MCP connectors initially.
3. Route OpenTelemetry events to your existing SIEM and set alerts for unusual file access.
4. Track adoption in Analytics > Cowork weekly.
5. After four clean weeks, expand the group via SCIM. Set per-team spend limits before going broader.
Hands-On Activity
Design Your RBAC Rollout Plan
Map your organisation onto Cowork's Enterprise governance surface. Decide which groups get which capabilities, what your spend limits should be, and what you'll watch for in OpenTelemetry.
What you will learn
- Translate your org chart into Cowork SCIM groups and custom roles
- Set defensible per-team spend limits using token-cost reasoning
- Define the OpenTelemetry signals that should trigger an alert
- Recognise which controls close real gaps and which are aspirational
1. Sketch three SCIM groups for your organisation: a pilot group (10-20 users), a controlled-rollout group (one full team), and a general-access group (everyone else, disabled by default). Note which capabilities each group should have access to: Cowork itself, specific MCP connectors, plugins, skills.
Why: RBAC is only useful if your group model maps to real organisational units. Designing this on paper before configuring it in the admin console catches the assumption that everyone wants the same thing.
Expected: A three-group plan with explicit capability matrices. Each row of the matrix is a justification you could defend to a sceptical security partner.
2. For each group, set a monthly spend limit. Use this rough heuristic: estimate sessions per user per week, multiply by your typical session token cost, multiply by users in the group, multiply by 4.3 (weeks per month), then add 25% headroom. Document your assumptions.
Why: Group spend limits are only as useful as the reasoning behind them. Limits set without underlying assumptions either get raised every month or get hit and frustrate the team.
Expected: Three numeric limits with explicit token/session/user maths behind each. The maths is more important than the number — it lets you adjust as you learn.
3. Open your SIEM (or any monitoring tool you have). List five OpenTelemetry events from Cowork that should trigger an alert at your organisation. Examples: file access outside scoped folders, MCP invocations to non-allowlisted servers, prompts containing specific data classifiers, unusually high token spend in a single session, repeated rejected approval decisions on the same tool.
Why: OpenTelemetry is a firehose. Without specific alert rules tied to your risk posture, the stream becomes noise and you get audit-theatre instead of audit-coverage.
Expected: Five concrete alert rules tied to specific event types and attributes. Each rule should answer the question: what would this catch that we wouldn't catch otherwise?
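As an added example (not code from this lesson or from Anthropic), the Python below runs four of the alert rules listed in step 3 over a constructed Cowork-style event stream, first grouping events by the shared prompt.id attribute described in the OpenTelemetry section so each alert is tied to the prompt that caused it. Only prompt.id comes from the page; the event names, the other attribute keys, and the scoped folder, allowlist and thresholds are assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed sample stream. Only `prompt.id` is from the page; event names and
# the other attribute keys are assumptions made for this example.
EVENTS = [
    {"name": "file_access", "prompt.id": "p1", "path": "/home/ana/cowork/q3.md"},
    {"name": "file_access", "prompt.id": "p1", "path": "/home/ana/.ssh/id_ed25519"},
    {"name": "mcp_invocation", "prompt.id": "p1", "server": "zoom", "tool": "get_summary"},
    {"name": "mcp_invocation", "prompt.id": "p1", "server": "unlisted.example", "tool": "post"},
    {"name": "approval", "prompt.id": "p1", "tool": "post", "decision": "rejected"},
    {"name": "approval", "prompt.id": "p1", "tool": "post", "decision": "rejected"},
    {"name": "approval", "prompt.id": "p1", "tool": "post", "decision": "rejected"},
    {"name": "api_request", "prompt.id": "p1", "tokens": 180_000},
    {"name": "file_access", "prompt.id": "p2", "path": "/home/ana/cowork/todo.md"},
    {"name": "api_request", "prompt.id": "p2", "tokens": 12_000},
]

SCOPED_FOLDERS = ("/home/ana/cowork/",)  # folders the custom role scopes Cowork to (assumed)
MCP_ALLOWLIST = {"zoom"}                 # MCP servers the role permits (assumed)
TOKEN_LIMIT = 100_000                    # spend ceiling for one prompt's chain (assumed)
REJECT_THRESHOLD = 3                     # repeated rejections on the same tool (assumed)

def group_by_prompt(events):
    """Reconstruct what Claude did for each user prompt via the shared prompt.id."""
    chains = defaultdict(list)
    for ev in events:
        chains[ev["prompt.id"]].append(ev)
    return dict(chains)

def evaluate(chain):
    """Apply the alert rules to one prompt's event chain; return alert strings."""
    alerts, rejects, tokens = [], Counter(), 0
    for ev in chain:
        if ev["name"] == "file_access" and not ev["path"].startswith(SCOPED_FOLDERS):
            alerts.append(f"file outside scoped folders: {ev['path']}")
        elif ev["name"] == "mcp_invocation" and ev["server"] not in MCP_ALLOWLIST:
            alerts.append(f"non-allowlisted MCP server: {ev['server']}")
        elif ev["name"] == "approval" and ev["decision"] == "rejected":
            rejects[ev["tool"]] += 1
        elif ev["name"] == "api_request":
            tokens += ev["tokens"]
    alerts += [f"{n} rejections on tool {t}" for t, n in rejects.items() if n >= REJECT_THRESHOLD]
    if tokens > TOKEN_LIMIT:
        alerts.append(f"high token spend: {tokens}")
    return alerts

def run(events):
    # Map each prompt.id to its alerts; an empty list means that chain was clean.
    return {pid: evaluate(chain) for pid, chain in group_by_prompt(events).items()}
```

Calling run(EVENTS) flags prompt p1 on all four rules and returns an empty list for p2, which is the per-prompt view an investigator wants when one input produced many events.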
Practice Question
A regulated insurer's CISO asks: 'Now that Cowork is GA on our Enterprise plan and we have OpenTelemetry flowing into Splunk plus the Cowork Analytics API, can we use Cowork to summarise customer claims for our claims handlers, given our SOX and HIPAA obligations?' What is the correct response?
Sources
- Making Claude Cowork ready for enterprise — Anthropic, 9 April 2026
- Monitor Claude Cowork activity with OpenTelemetry — Anthropic Help Center
- View usage analytics for Team and Enterprise plans — Anthropic Help Center
- Use Claude Cowork on Team and Enterprise plans — Anthropic Help Center
- Configure a custom OpenTelemetry collector for Office agents — Anthropic Help Center
- Anthropic takes Claude Cowork out of preview and straight into the enterprise — The New Stack