- Newest
- Most votes
- Most comments
Thank you for reaching out to us regarding the above query.
As mentioned in the error message, field "and" which is being used in the @auth rules is not defined by type "AuthRule". Kindly note that, in Amplify when combining multiple authorization rules in your schema, they are "logically OR"-ed. Hence, the correct syntax of your schema would look like below :
type ClientDetails
@model
@auth(
rules: [
{ allow: owner, ownerField: "tenant", identityClaim: "custom:tenant" }
{ allow: owner, ownerField: "owner" }
{ allow: groups, groups: ["Customers"], operations: [read] }
{ allow: groups groups: ["Admin"] operations: [create, update, read] }
] ) {
id: ID!
tenant: String!
OrganizationName: String!
SuperUser: String!
}
- https://docs.amplify.aws/javascript/build-a-backend/graphqlapi/customize-authorization-rules/#configure-multiple-authorization-rules
- https://docs.amplify.aws/javascript/build-a-backend/graphqlapi/customize-authorization-rules/#configure-custom-identity-and-group-claims
Further, you might be aware that, combining Owner/Groups rules for Multi-Tenant Apps is an active Feature Request in Amplify and the internal team is aware of it. However, you may refer to the discussion done in the below GitHub Issue which mentions some of the workarounds used by different Amplify Community users.
- GitHub Issue (Feature Request) : https://github.com/aws-amplify/amplify-category-api/issues/449
- Possible Workaround : https://github.com/aws-amplify/amplify-category-api/issues/449#issuecomment-1129361090
Having said that, in case you face further challenges, please feel free to open a support case with AWS using the following link.
Relevant content
- asked 9 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago