Obsidian Enterprise RBAC

Overview

Vault-level access control patterns for Obsidian in team environments. Covers folder-based permissions via .obsidian-permissions files, read-only enforcement for shared vaults, plugin allowlisting, and configuration lockdown through restricted mode.

Prerequisites

• Obsidian desktop app with a shared/synced vault
• Understanding of Obsidian's .obsidian/ configuration directory
• A sync mechanism in place (Git, Obsidian Sync, or shared filesystem)
• Node.js 18+ for scripted permission enforcement

Instructions

Step 1: Define a Permission Model

Create .obsidian-permissions at the vault root. This JSON file maps roles to folder access: