maintainx-enterprise-rbac
Configure enterprise role-based access control for MaintainX integrations. Use when implementing SSO, managing organization-level permissions, or setting up enterprise access controls with MaintainX. Trigger with phrases like "maintainx rbac", "maintainx sso", "maintainx enterprise", "maintainx permissions", "maintainx roles".
Install
mkdir -p .claude/skills/maintainx-enterprise-rbac && curl -L -o skill.zip "https://mcp.directory/api/skills/download/7270" && unzip -o skill.zip -d .claude/skills/maintainx-enterprise-rbac && rm skill.zipInstalls to .claude/skills/maintainx-enterprise-rbac
About this skill
MaintainX Enterprise RBAC
Overview
Configure enterprise role-based access control for MaintainX integrations with role definitions, location-scoped permissions, and audit logging.
Prerequisites
- MaintainX Enterprise plan
- Understanding of RBAC concepts
- Node.js 18+
MaintainX Role Hierarchy
Organization Admin
├── can manage all locations, users, teams, and settings
├── Full API access
│
Location Manager
├── can manage work orders, assets at assigned locations
├── API: filtered by locationId
│
Technician
├── can view/update assigned work orders
├── API: filtered by assigneeId
│
Viewer (Read-Only)
└── can view work orders, assets, locations
└── API: GET endpoints only
Instructions
Step 1: Role Definitions
// src/rbac/roles.ts
export type Role = 'admin' | 'manager' | 'technician' | 'viewer';
interface Permission {
resource: string;
actions: Array<'create' | 'read' | 'update' | 'delete'>;
scope?: 'all' | 'location' | 'assigned';
}
export const ROLE_PERMISSIONS: Record<Role, Permission[]> = {
admin: [
{ resource: 'workorders', actions: ['create', 'read', 'update', 'delete'], scope: 'all' },
{ resource: 'assets', actions: ['create', 'read', 'update', 'delete'], scope: 'all' },
{ resource: 'locations', actions: ['create', 'read', 'update', 'delete'], scope: 'all' },
{ resource: 'users', actions: ['create', 'read', 'update', 'delete'], scope: 'all' },
{ resource: 'teams', actions: ['create', 'read', 'update', 'delete'], scope: 'all' },
],
manager: [
{ resource: 'workorders', actions: ['create', 'read', 'update'], scope: 'location' },
{ resource: 'assets', actions: ['create', 'read', 'update'], scope: 'location' },
{ resource: 'locations', actions: ['read'], scope: 'location' },
{ resource: 'users', actions: ['read'], scope: 'all' },
{ resource: 'teams', actions: ['read'], scope: 'all' },
],
technician: [
{ resource: 'workorders', actions: ['read', 'update'], scope: 'assigned' },
{ resource: 'assets', actions: ['read'], scope: 'location' },
{ resource: 'locations', actions: ['read'], scope: 'location' },
],
viewer: [
{ resource: 'workorders', actions: ['read'], scope: 'all' },
{ resource: 'assets', actions: ['read'], scope: 'all' },
{ resource: 'locations', actions: ['read'], scope: 'all' },
],
};
Step 2: Permission Middleware
// src/rbac/middleware.ts
import express from 'express';
interface AuthContext {
userId: number;
role: Role;
locationIds: number[]; // Locations this user can access
}
function authorize(resource: string, action: 'create' | 'read' | 'update' | 'delete') {
return (req: express.Request, res: express.Response, next: express.NextFunction) => {
const auth = req.user as AuthContext;
if (!auth) return res.status(401).json({ error: 'Not authenticated' });
const perms = ROLE_PERMISSIONS[auth.role];
const match = perms.find(
(p) => p.resource === resource && p.actions.includes(action),
);
if (!match) {
return res.status(403).json({
error: 'Insufficient permissions',
required: { resource, action },
role: auth.role,
});
}
// Apply scope filtering
if (match.scope === 'location') {
req.query.locationId = auth.locationIds.join(',');
} else if (match.scope === 'assigned') {
req.query.assigneeId = String(auth.userId);
}
next();
};
}
// Usage in routes
const router = express.Router();
router.get('/api/workorders', authorize('workorders', 'read'), async (req, res) => {
const client = new MaintainXClient();
const { data } = await client.getWorkOrders(req.query as any);
res.json(data);
});
router.post('/api/workorders', authorize('workorders', 'create'), async (req, res) => {
const client = new MaintainXClient();
const { data } = await client.createWorkOrder(req.body);
res.json(data);
});
Step 3: Scoped API Keys
Create separate API keys per role to enforce server-side access control:
// src/rbac/scoped-clients.ts
const scopedClients: Record<Role, MaintainXClient> = {
admin: new MaintainXClient(process.env.MAINTAINX_API_KEY_ADMIN),
manager: new MaintainXClient(process.env.MAINTAINX_API_KEY_MANAGER),
technician: new MaintainXClient(process.env.MAINTAINX_API_KEY_TECH),
viewer: new MaintainXClient(process.env.MAINTAINX_API_KEY_VIEWER),
};
function getClientForRole(role: Role): MaintainXClient {
const client = scopedClients[role];
if (!client) throw new Error(`No client configured for role: ${role}`);
return client;
}
Step 4: User and Team Management
// Fetch all users and their roles
async function listUsersWithRoles(client: MaintainXClient) {
const { data } = await client.getUsers({ limit: 100 });
const { data: teams } = await client.request('GET', '/teams');
const userTeams = new Map<number, string[]>();
for (const team of teams.teams) {
for (const member of team.members || []) {
const existing = userTeams.get(member.id) || [];
existing.push(team.name);
userTeams.set(member.id, existing);
}
}
for (const user of data.users) {
const teamList = userTeams.get(user.id) || [];
console.log(` ${user.firstName} ${user.lastName} (${user.email})`);
console.log(` Role: ${user.role || 'N/A'} | Teams: ${teamList.join(', ') || 'None'}`);
}
}
Step 5: Audit Logging
// src/rbac/audit.ts
function logAccess(auth: AuthContext, resource: string, action: string, result: 'allow' | 'deny') {
const entry = {
timestamp: new Date().toISOString(),
type: 'access_control',
userId: auth.userId,
role: auth.role,
resource,
action,
result,
locationScope: auth.locationIds,
};
// Send to your log aggregation (CloudWatch, Datadog, etc.)
console.log(JSON.stringify(entry));
}
Output
- Role definitions mapping roles to resource permissions and scopes
- Express middleware enforcing RBAC on all API proxy routes
- Location-scoped and assignee-scoped query filtering
- Scoped API keys per role for defense in depth
- Audit logging for all access control decisions
Error Handling
| Issue | Cause | Solution |
|---|---|---|
| 403 on valid user | Missing permission for action | Check ROLE_PERMISSIONS mapping |
| Empty results for manager | Location scope filter too narrow | Verify locationIds in auth context |
| Scoped key missing | Environment variable not set | Add MAINTAINX_API_KEY_{ROLE} to env |
| Audit log gaps | Middleware not applied to route | Ensure authorize() is on all routes |
Resources
Next Steps
For complete platform migration, see maintainx-migration-deep-dive.
Examples
Check if a user can perform an action:
function canPerform(role: Role, resource: string, action: string): boolean {
const perms = ROLE_PERMISSIONS[role];
return perms.some((p) => p.resource === resource && p.actions.includes(action as any));
}
console.log(canPerform('technician', 'workorders', 'update')); // true
console.log(canPerform('technician', 'workorders', 'delete')); // false
console.log(canPerform('viewer', 'workorders', 'read')); // true
More by jeremylongshore
View all skills by jeremylongshore →You might also like
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
pdf-to-markdown
aliceisjustplaying
Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
Related MCP Servers
Browse all servers
NetlifyEffortlessly manage Netlify projects with AI using the Netlify MCP Server—automate deployment, sites, and more via natur
Okta MCP ServerOfficial Okta MCP server for managing identity and access management through AI. Automate user provisioning, group manag
Chrome DevToolsUse Chrome DevTools for web site test speed, debugging, and performance analysis. The essential chrome developer tools f
BlenderConnect Blender to Claude AI for seamless 3D modeling. Use AI 3D model generator tools for faster, intuitive, interactiv
Chrome MCPChrome extension-based MCP server that exposes browser functionality to AI assistants. Control tabs, capture screenshots
Exa SearchEmpower AI with the Exa MCP Server—an AI research tool for real-time web search, academic data, and smarter, up-to-date