Evernote Enterprise RBAC
Overview
Implement role-based access control for Evernote integrations, including Evernote Business account handling, shared notebook permissions, multi-tenant architecture, and authorization middleware.
Prerequisites
- Understanding of Evernote Business accounts and shared notebooks
- Multi-tenant application architecture
- Authentication/authorization infrastructure
Instructions
Step 1: Evernote Permission Model
Evernote has built-in sharing permissions for notebooks: READ_NOTEBOOK, MODIFY_NOTEBOOK_PLUS_ACTIVITY, READ_NOTEBOOK_PLUS_ACTIVITY, GROUP, FULL_ACCESS. Map these to your application's role system.
const EvernotePermissions = {
READ: 'READ_NOTEBOOK',
WRITE: 'MODIFY_NOTEBOOK_PLUS_ACTIVITY',
FULL: 'FULL_ACCESS'
};
const AppRoles = {
viewer: [EvernotePermissions.READ],
editor: [EvernotePermissions.READ, EvernotePermissions.WRITE],
admin: [EvernotePermissions.FULL]
};
Step 2: RBAC Service
Build a service that checks whether a user has the required permission for an operation. Query shared notebook privileges via noteStore.listSharedNotebooks() and getSharedNotebookByAuth().
class RBACService {
async canAccess(userToken, notebookGuid, requiredPermission) {
const noteStore = this.getAuthenticatedNoteStore(userToken);
const sharedNotebooks = await noteStore.listSharedNotebooks();
const shared = sharedNotebooks.find(sn => sn.notebookGuid === notebookGuid);
if (!shared) return false;
return this.hasPermission(shared.privilege, requiredPermission);
}
}
Step 3: Authorization Middleware
Create Express middleware that validates the user's Evernote token and checks permissions before allowing access to protected routes.
Step 4: Evernote Business Integration
For Evernote Business accounts, use authenticateToBusiness() to get a business token. Business notebooks are shared across the organization. Use getBusinessNotebooks() to list them.
Step 5: Multi-Tenant Support
Isolate tenant data by scoping all Evernote operations to the tenant's access token. Never mix tokens between tenants. Store tenant-to-token mappings with encryption at rest.
For the full RBAC service, middleware, Business account integration, and multi-tenant architecture, see Implementation Guide.
Output
- Evernote permission model mapped to application roles
RBACServiceclass with permission checking- Express authorization middleware for protected routes
- Evernote Business account integration
- Multi-tenant token isolation and scoping
Error Handling
| Error | Cause | Solution |
|-------|-------|----------|
| PERMISSION_DENIED | User lacks required notebook permission | Verify shared notebook privileges |
| INVALID_AUTH | Business token expired | Re-authenticate with authenticateToBusiness() |
| Tenant data leak | Token scoping error | Validate tenant ID on every request |
| LIMIT_REACHED on sharing | Too many shared notebooks | Clean up unused shares (500 max per notebook) |
Resources
Next Steps
For migration strategies, see evernote-migration-deep-dive.
Examples
Team workspace: Create a shared notebook for each team. Assign editor role to team members and viewer role to stakeholders. Use middleware to enforce permissions on all note operations.
Business account sync: Authenticate to the business account, list all business notebooks, and sync shared notes to a central dashboard accessible by all organization members.