Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

GraphQL dynamic groupsField not working if type of group is list

0

I am trying to create a project for internal employees to give permission based on groupsField.

I have referred the AWS documentation for dynamic permission, but it's not working in my case.

Here's relevant part of graphql schema

type something
@auth(
  rules: [

             { allow: groups, groups: ["Admin"] }
             { allow: groups, groupsField: "groupRead", operations: [read] }
             { allow: public }



]
)
  @model
  @searchable
{
  id: ID!
  phone: String
  email: String
  groupRead: [String!]

}

If I try to search the result from my front-end side and in AppSync, it's not allowing me search anything and give back empty array of items.

Two errors:

Not authorized to access the list gives back empty result

But if I change to groupRead: String!

Then it works for front-end as well as in AppSync. But In this case, for dynamoDB I can not assign more than one value to groupRead. As an admin I want to give them more than one department read permission.

All static group permissions are working perfectly fine, for instance Admin.

Goal: groupRead should be type of list, so in DynamoDB I can pass multiple value to groupRead.

Themen
ServerlosFrontend-Web & MobileAnwendungsintegrationSicherheit, Identität & KonformitätDatenbank
Tags
AWS AppSyncAmazon CognitoAmazon DynamoDB
Sprache
English
rePost-User-1856738
gefragt vor einem Jahr80 Aufrufe
Keine Antworten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt