I am trying to create a project for internal employees to give permission based on groupsField.
I have referred the AWS documentation for dynamic permission, but it's not working in my case.
Here's relevant part of graphql schema
type something
@auth(
rules: [
{ allow: groups, groups: ["Admin"] }
{ allow: groups, groupsField: "groupRead", operations: [read] }
{ allow: public }
]
)
@model
@searchable
{
id: ID!
phone: String
email: String
groupRead: [String!]
}
If I try to search the result from my front-end side and in AppSync, it's not allowing me search anything and give back empty array of items.
Two errors:
Not authorized to access the list
gives back empty result
But if I change to groupRead: String!
Then it works for front-end as well as in AppSync. But In this case, for dynamoDB I can not assign more than one value to groupRead. As an admin I want to give them more than one department read permission.
All static group permissions are working perfectly fine, for instance Admin.
Goal: groupRead should be type of list, so in DynamoDB I can pass multiple value to groupRead.