Permissions, Usage & Chọn Model

Quản lý rủi ro & hiệu quảTrung cấp20 phút

Cowork có thể: - Read/write real files on your disk - Connect to real systems — email, CRM, bank data, PHI (healthcare), PII (personal info) - Run code in isolated environments - Send real emails (nếu bạn grant) - Delete files (với approval gate)

Bạn sẽ học được
  • Mô tả các safety boundaries Cowork operate trong đó
  • Quản lý allocation hiệu quả — cut waste, preserve budget cho critical work
  • Chọn đúng model (Opus / Sonnet / Haiku) cho mỗi task
  • Build habit review outputs trước khi act on them
  • Audit & compliance considerations cho regulated workloads

Phần 1: Permissions & Safety

4 safety boundaries

Isolated execution — What it means concretely

Cowork's work happens trong a sandbox:

Practically: Cowork chạy Python code để process data → code chạy isolated, không impact Python environment của bạn. Installed packages riêng.

File access — Grant granularity

Best practice: Never grant root (/, C:\). Always grant specific project folders.

Network policies

Nếu công ty bạn có corporate firewall, VPN, Zero Trust Network Access — Cowork respects all of it. Không bypass. Network request Cowork makes goes through same egress rules như browser của bạn.

Implication: Nếu IT whitelist *.anthropic.com, Cowork work. Nếu không, Cowork connector setup fails với clear error.

Deletion gating

Cowork không tự delete files permanently. Khi delete needed:

┌──────────────────────────────────────────────────┐
│  YOUR OS (main system — protected)               │
│                                                  │
│  ┌────────────────────────────────────────┐     │
│  │  COWORK SANDBOX                         │     │
│  │                                         │     │
│  │  ├── Approved folder (read/write)      │     │
│  │  ├── Connected tools (via OAuth scopes)│     │
│  │  ├── Isolated compute (code runs here) │     │
│  │  └── Network (subject to your policies)│     │
│  └────────────────────────────────────────┘     │
│                                                  │
│  ❌ Cowork cannot touch:                          │
│  • System files (OS internals)                   │
│  • Other folders not granted                     │
│  • Apps not via connector                        │
│  • Network endpoints outside your policies       │
└──────────────────────────────────────────────────┘
Folder access granted TO Cowork:
  ✅ That folder's files (read + write)
  ✅ That folder's subfolders
  ❌ Parent folder
  ❌ Sibling folders
  ❌ Root filesystem

Deletion gating

Bạn luôn có final approval.

Conversation history storage

Quan trọng: Cowork conversation history stored locally on your machine (không phải cloud — kiểm tra plan's documentation cho chi tiết storage chính xác và retention).

Implication:

Audit logging & compliance

Nếu bạn có workloads với regulatory requirements (HIPAA, GDPR, SOC2, PCI-DSS...):

  • ✅ Conversations không leaked to cloud (trong default config)
  • ✅ Easy backup, restore (copy Claude Desktop data folder)
  • ⚠️ If laptop compromised, conversations accessible locally
  • ⚠️ Disk encryption matters (FileVault / BitLocker) cho sensitive work
  • Check plan's documentation cho current audit logging features
  • Team & Enterprise plans có enhanced compliance controls
  • Ask admin về audit trail config nếu cần
⚠️  Cowork đề xuất delete:

   - old-draft-v1.docx  (replaced by v2)
   - temp-export.csv    (processed, safe to remove)
   - screenshots/       (unused, 15 files)

   Proceed with delete? [Yes, delete all] [Review each] [Cancel]

Phần 2: Usage Allocation

Why Cowork uses more hơn chat

Cowork inherently more compute-intensive vì:

Quantifier: Single Cowork task có thể tốn 5-50× compute của chat turn. Not linear to length — depends trên structure.

Good habits cho allocation management

Habit #1: Batch related work

Not ideal:

Mỗi new session có cold-start cost: load context, parse prompts, warm up.

Better:

  • Multi-step tasks (mỗi step = API call)
  • Long-running work (10-30 phút runtime typical)
  • Subagents parallelize (N times compute)
  • Reading nhiều files (tokens)
  • Generating structured outputs (more tokens than chat reply)
┌────────────────────────────────────────────────────┐
│                                                    │
│   1. 📦 BATCH RELATED WORK                          │
│      Starting fresh session có overhead            │
│      Several related tasks → 1 session             │
│                                                    │
│   2. 💬 USE CHAT FOR TASKS THAT FIT                 │
│      Task không cần files/tools/real output?       │
│      Chat faster + cheaper                         │
│                                                    │
│   3. 👀 MONITOR WHERE YOU STAND                     │
│      Cowork settings include usage visibility      │
│      Check periodically, especially building habits│
│                                                    │
└────────────────────────────────────────────────────┘
Task 1 trong new session → finish
Close, reopen
Task 2 trong new session → finish  
Close, reopen
Task 3 trong new session → finish

Habit #1: Batch related work

Warm context thread saves overhead.

Habit #2: The right tool for each shape

Recall decision rule từ Bài 3.0:

Common misuse: Using Cowork cho:

All of above are chat-shaped. Cowork does them but wastefully.

Habit #3: Monitor usage

Where to find:

  • ✅ Yes → Cowork
  • ❌ No → Chat
  • Brainstorm session ("help me think about strategy")
  • Quick Q&A ("what's the syntax for X?")
  • Writing refinement ("make this paragraph punchier")
  • Explain concept ("how does vectorization work?")
New session:
  Task 1 → wait output
  Task 2 (follow-up) → wait output
  Task 3 (related) → wait output
End session.

Habit #3: Monitor usage

Track trend:

Common allocation sinks

Low-cost alternatives

  • Spike weeks → identify which tasks consumed most
  • Steady weeks → comfortable, can take on more ambitious work
DoingInstead try
Opus cho quick file sortHaiku
Scheduled every 30 minEvery 2-4 hours
"Read everything và tell me about it""Find [specific signal] in folder"
Re-prompt full task khi tweak smallTell Claude to revise specific section
10 parallel subagents for 3 itemsSequential, fewer subagents
┌────────────────────────────────────────────────────┐
│                                                    │
│   🚨 HIGH-COST PATTERNS (watch out for)             │
│                                                    │
│   • Running Opus cho simple tasks                  │
│   • Scheduled tasks cadence quá tight (every 15m)  │
│   • Huge file/folder ingestion with vague prompt   │
│   • Re-running failed tasks without fix           │
│   • Subagent spawn cho sequential task             │
│                                                    │
└────────────────────────────────────────────────────┘
Settings → Cowork → Usage

Weekly allocation: 100 units
Used: 67 units (67%)
Reset: Friday 23:59 UTC

Phần 3: Model Selection

Three tiers of Claude

Claude models come in three capability tiers, trade-off capability vs cost:

Decision framework: Match model to task

Concrete examples per tier

✅ Haiku fits:

✅ Sonnet fits:

✅ Opus fits:

Switch model trong Cowork

Top of Cowork window hoặc settings:

Change per task hoặc set default trong Settings.

Model comparison — What actually differs

"Default to highest" anti-pattern

Many users fall into: "I'll use Opus cho everything — why settle for less?"

Wrong because:

Rule of thumb:

Task workflow: Haiku draft → Sonnet polish → Opus tough cases

Sophisticated pattern:

Total cost << all Opus. Total quality similar.

  • "Extract invoice # from 100 PDFs"
  • "Format these 50 emails consistently"
  • "What's the syntax for SQL inner join?"
  • "Summary of 1-page document"
  • "Classify 500 tickets by category"
  • "Review this contract against template, flag differences"
  • "Draft weekly report from data + Slack + emails"
  • "Create project tracker from meeting notes"
  • "Explain this regulation and implications"
  • "Refactor this code module"
  • "Synthesize literature review from 40 papers with contradictions + research gaps"
  • "Architect a new data pipeline, considering 5 constraints + 3 trade-offs"
  • "Build comprehensive financial model với sensitivity analysis"
  • "Legal brief with case law research and argument structure"
  • "Debug this subtle concurrency issue"
  • Opus 5-10× cost of Haiku per operation
  • Simple tasks don't benefit — Opus output similar
  • Faster feedback loop với Haiku cho iteration
  • Run out of allocation sooner
AspectOpusSonnetHaiku
Context windowLargeLargeMedium
Reasoning depthDeepestGoodShallow
SpeedSlowerFastFastest
Cost / runHighestMediumLowest
CreativityHighestGoodBasic
Tool useBestGoodGood
Multi-step coherenceBestGoodWeaker on long chains
Code generationBestGoodSimple tasks only
┌─────────────────────────────────────────────────┐
│                                                 │
│   Start with SONNET (default)                   │
│                                                 │
│   Downgrade to HAIKU if:                        │
│   - Task simple (extract/format/classify)       │
│   - Need speed (bulk processing)                │
│   - Iterate cheaply                             │
│                                                 │
│   Upgrade to OPUS if:                           │
│   - Multi-step reasoning needed                 │
│   - High-stakes output (legal, financial)       │
│   - Complex architecture/design                 │
│                                                 │
└─────────────────────────────────────────────────┘
Step 1: Haiku - bulk draft 50 responses   (fast, cheap)
Step 2: Sonnet - polish top 20            (quality)
Step 3: Opus - handle 3 tricky cases      (depth)

Phần 4: Review habit

Why review matter disproportionately

Key insight:

Polished PDF với charts và exec summary có thể có:

Look same như correct version. Only your review catches it.

The 3-step review habit

Review checklist cho high-stakes outputs

Cho outputs bạn sẽ act on (send to exec, submit to regulator, pay customers):

When review fails

Typical errors Cowork can make:

📊 Numerical errors

📝 Citation errors

🧠 Reasoning errors

🎨 Format errors

All look polished in output. Review is the catch.

Context: AI Fluency's 4D framework

Anthropic's AI Fluency course (anthropic.com/ai-fluency) identifies 4 competencies:

Cowork leverage = Delegation (giao việc). But Discernment + Diligence là cái catch errors.

Build all 4 competencies, not just delegation.

  • Wrong number in chart
  • Misattributed quote
  • Logical gap in argument
  • Regulatory claim unverified
  • [ ] Opened file (not just read Cowork's summary)
  • [ ] Spot-checked 3 random numbers against source
  • [ ] Verified 1 quote/citation
  • [ ] Followed logic of 1 major recommendation
  • [ ] Checked formatting consistency
  • [ ] Flagged anything unclear back to Cowork
  • [ ] Had peer review if >$X impact / sensitive
  • Wrong aggregation (sum vs average)
  • Unit mismatches (thousands vs millions)
  • Rounding where precision matters
  • Attribute quote to wrong source
  • Mix up authors
  • Date/year wrong
  • Assume correlation = causation
  • Sample selection bias unnoticed
  • Missing counter-evidence
  • Charts titled wrong
  • Chart axis inverted
  • Data cut off
  • Delegation — what to hand to AI
  • Description — how to describe tasks
  • Discernment — review outputs critically ← this lesson
  • Diligence — verify, audit, iterate
┌────────────────────────────────────────────────────┐
│                                                    │
│   Before acting on output, do 3 things:            │
│                                                    │
│   1. 📂 OPEN THE FILE                               │
│      Don't rely on Cowork's summary text.          │
│      Actually open the artifact.                   │
│                                                    │
│   2. 🔢 CHECK A NUMBER                              │
│      Pick 1 specific number.                       │
│      Trace back to source file.                    │
│      Verify.                                       │
│                                                    │
│   3. 🧵 FOLLOW ONE THREAD OF REASONING              │
│      Pick 1 claim → evidence → source.             │
│      Does it hold up?                              │
│                                                    │
│   ~5 phút. Catches 90%+ of errors.                 │
└────────────────────────────────────────────────────┘

Bảng tổng hợp: Decision matrix

Use this cheat sheet cho mỗi task:

┌────────────────────────────────────────────────────────┐
│                                                        │
│   Task incoming                                        │
│           │                                            │
│           ▼                                            │
│    ┌─────────────┐                                     │
│    │ Need files/ │  No  ┌──────────────────┐           │
│    │ tools/real  ├─────▶│   Use CHAT       │           │
│    │ output?     │      └──────────────────┘           │
│    └──────┬──────┘                                     │
│           │Yes                                         │
│           ▼                                            │
│    ┌─────────────┐                                     │
│    │ Task        │                                     │
│    │ complexity? │                                     │
│    └──────┬──────┘                                     │
│           │                                            │
│    ┌──────┼──────┬──────────┐                         │
│    ▼      ▼      ▼          ▼                         │
│  Simple  Standard Complex   Regulated                  │
│  Haiku   Sonnet   Opus      Opus + audit              │
│                                                        │
│    │      │      │          │                         │
│    └──────┴──────┴──────────┘                         │
│           ▼                                            │
│    ┌─────────────┐                                     │
│    │   Execute   │                                     │
│    └──────┬──────┘                                     │
│           ▼                                            │
│    ┌─────────────┐                                     │
│    │   Review    │  Always                             │
│    │  (3-step)   │                                     │
│    └─────────────┘                                     │
└────────────────────────────────────────────────────────┘

Ví dụ theo ngành

⚖️ Legal Counsel — High stakes, audit needed

Task: Contract review cho partnership agreement $5M.

Setup:

Review habit: Open file, check 5 random clauses against template, verify all "red flag" flagged sections make sense, partner sign-off trước send.

💰 Finance — Recurring with trust built

Task: Monthly reconciliation (done 12+ times).

Setup:

Review habit: Spot-check 3 random matched transactions, review exception report carefully, CFO sign-off before books close.

📣 Marketing — Bulk content, low stakes

Task: Generate 50 product descriptions từ spec.

Setup:

Review habit: Sample 10 random descriptions, check against brand voice, fix outliers — rest trust.

🔬 Research — Deep synthesis, high cost OK

Task: Literature review synthesis cho grant.

Setup:

Review habit: Verify 10 random citations, check for made-up references, PhD colleague peer-review.

  • Model: Opus (complex reasoning, high stakes)
  • Folder: /contracts/partnerships/active/
  • Connectors: Microsoft 365 (Word, SharePoint)
  • Audit: enable Enterprise audit logging
  • Model: Sonnet (trusted workflow, no need Opus)
  • Scheduled: 1st of month 6am
  • Folder: /monthly-close/[YYYY-MM]/
  • Model: Haiku (bulk, simple transformation)
  • Folder: /product-launches/spring-2026/
  • No scheduling
  • Model: Opus (deep reasoning needed)
  • Multi-phase prompt
  • Allocation budget: entire week's quota acceptable

Anti-patterns

❌ Opus-by-default mindset

Cost: 5-10× more than needed cho simple tasks.

Fix: Start Sonnet. Upgrade only when task demands it.

❌ Cowork cho all conversation shapes

Cost: Chat-shaped tasks in Cowork waste allocation.

Fix: Internalize decision rule — "does it need files/tools/output file?"

❌ Skip review vì "Cowork usually gets it right"

Cost: When it's wrong, you propagate error.

Fix: 3-step review là minimum. No shortcut.

❌ Connect tools "just in case"

Cost: Security surface area. Token management overhead.

Fix: Connect essential 5, add incrementally as needed.

❌ Grant write scopes cho everything

Cost: Missed errors get sent for real.

Fix: Default read-only. Write for trusted workflows only.

❌ Ignore usage monitoring until cap hit

Cost: Surprise mid-week.

Fix: Weekly glance at allocation dashboard. Adjust model/batching.

❌ Schedule everything weekly, even tasks running every day

Cost: Spike at schedule time.

Fix: Spread schedules throughout week. Mix daily/weekly/monthly.

Mẹo nâng cao

💡 Mẹo 1: "Prompt 1 lần với Opus, rerun với Haiku pattern"

For exploratory:

💡 Mẹo 2: Model switching mid-task

Complex task có phases:

Explicitly prompt:

💡 Mẹo 3: Track "allocation per hour saved"

Metric: allocation used / time_saved_vs_manual = efficiency ratio.

Reconcile task: 5 units allocation, saves 6 hours = 1.2 hrs/unit. Generic brainstorm: 3 units, saves 30 min = 0.17 hrs/unit.

Second task is low efficiency → move to chat.

💡 Mẹo 4: Pre-flight prompts for sensitive tasks

Before any "send email" / "delete files" / "submit" task:

Forces dry-run mode.

💡 Mẹo 5: Use Haiku cho "decide which model" tasks

Meta:

Haiku answers instantly. Route decision.

  • Iteration 1-3 với Opus (figure out what works)
  • Once stable, save as skill hoặc template
  • Future runs với Haiku (execute proven pattern)
  • Phase 1 (research): Opus (needs reasoning)
  • Phase 2 (format): Sonnet (standard formatting)
  • Phase 3 (bulk output): Haiku (repetitive)

Áp dụng ngay

Bài tập 1: Review habit practice (~5 phút)

Take output Cowork gần đây của bạn. Run 3-step review:

Found any error? ☐ Yes ☐ No

If yes → what would have been impact nếu không review?

Bài tập 2: Model audit (~5 phút)

Look at 5 recent Cowork tasks. For each:

Adjust going forward.

Bài tập 3 (optional): Usage monitoring (~2 phút)

Open Settings → Cowork → Usage.

Note:

  • [ ] Opened file (actually)
  • [ ] Checked 1 number against source
  • [ ] Followed 1 reasoning thread
  • Current usage: ___%
  • Days left in period: ___
  • Pace: on track / spiking / under
TaskModel usedShould have beenReason
1. ___Opus/Sonnet/Haiku______
2. ____________
3. ____________
4. ____________
5. ____________

Tóm tắt bài học

🎯 4 safety boundaries: isolated exec, file grant, network policies, deletion gate — Cowork operates within

🎯 Allocation: batch work, chat for fits, monitor — Cowork uses more than chat, use wisely

🎯 3 tiers: Haiku / Sonnet / Opus — match model to task complexity, default Sonnet

🎯 Review habit: open file, check 1 number, follow 1 thread — Cowork's confidence = same right vs wrong

🎯 Regulated workloads need extra audit check — verify plan's compliance features trước production use

🎯 "Default Opus everywhere" = waste — upgrade strategically, not reflexively

Tài liệu tham khảo
  • AI Fluency course — 4 competencies: Delegation, Description, Discernment, Diligence
  • Choosing the right Claude model
  • Claude plans & pricing
  • Help Center: Cowork usage
  • Enterprise compliance & audit
Nội dung này có hữu ích không?