maintainx-enterprise-rbac

# MaintainX Enterprise RBAC ## Overview Configure enterprise role-based access control for MaintainX integrations with role definitions, location-scoped permissions, and audit logging. ## Prerequisites - MaintainX Enterprise plan - Understanding of RBAC concepts - Node.js 18+ ## MaintainX Role Hierarchy ``` Organization Admin ├── can manage all locations, users, teams, and settings ├── Full API access │ Location Manager ├── can manage work orders, assets at assigned locations ├── API: filtered by locationId │ Technician ├── can view/update assigned work orders ├── API: filtered by assigneeId │ Viewer (Read-Only) └── can view work orders, assets, locations └── API: GET endpoints only ``` ## Instructions ### Step 1: Role Definitions ```typescript // src/rbac/roles.ts export type Role = 'admin' | 'manager' | 'technician' | 'viewer'; interface Permission { resource: string; actions: Array<'create' | 'read' | 'update' | 'delete'>; scope?: 'all' | 'location' | 'assigned'; } export const ROLE_PERMISSIONS: Record<Role, Permission[]> = { admin: [ { resource: 'workorders', actions: ['create', 'read', 'update', 'delete'], scope: 'all' }, { resource: 'assets', actions: ['create', 'read', 'update', 'delete'], scope: 'all' }, { resource: 'locations', actions: ['create', 'read', 'update', 'delete'], scope: 'all' }, { resource: 'users', actions: ['create', 'read', 'update', 'delete'], scope: 'all' }, { resource: 'teams', actions: ['create', 'read', '...