algolia-enterprise-rbac

# Algolia Enterprise RBAC ## Overview Algolia's access control is built on **API keys with ACL (Access Control Lists)**. Each key has specific permissions, index restrictions, and rate limits. For multi-tenant apps, **Secured API Keys** provide per-user filtering without creating individual keys. For team management, Algolia's dashboard supports team members with role-based access. ## API Key ACL Permissions | ACL | Operations Allowed | Use For | |-----|-------------------|---------| | `search` | Search queries | Frontend, search-only clients | | `browse` | Browse/export all records | Data export, migration scripts | | `addObject` | Add or replace records | Indexing pipelines | | `deleteObject` | Delete records | Data cleanup, GDPR deletion | | `editSettings` | Modify index settings | Deployment scripts | | `listIndexes` | List all indices | Monitoring, health checks | | `deleteIndex` | Delete entire indices | Admin operations only | | `analytics` | Read analytics data | Dashboards, reporting | | `recommendation` | Algolia Recommend API | Product recommendations | | `usage` | Read usage data | Billing monitoring | | `logs` | Read API logs | Debugging, audit | ## Instructions ### Step 1: Define Application Roles ```typescript import { algoliasearch } from 'algoliasearch'; const client = algoliasearch(process.env.ALGOLIA_APP_ID!, process.env.ALGOLIA_ADMIN_KEY!); // Role definitions with minimal permissions const ROLES = { // Backend search service: search only, scope...