By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

GraphQL dynamic groupsField not working if type of group is list

0

I am trying to create a project for internal employees to give permission based on groupsField.

I have referred the AWS documentation for dynamic permission, but it's not working in my case.

Here's relevant part of graphql schema

type something
@auth(
  rules: [

             { allow: groups, groups: ["Admin"] }
             { allow: groups, groupsField: "groupRead", operations: [read] }
             { allow: public }



]
)
  @model
  @searchable
{
  id: ID!
  phone: String
  email: String
  groupRead: [String!]

}

If I try to search the result from my front-end side and in AppSync, it's not allowing me search anything and give back empty array of items.

Two errors:

Not authorized to access the list gives back empty result

But if I change to groupRead: String!

Then it works for front-end as well as in AppSync. But In this case, for dynamoDB I can not assign more than one value to groupRead. As an admin I want to give them more than one department read permission.

All static group permissions are working perfectly fine, for instance Admin.

Goal: groupRead should be type of list, so in DynamoDB I can pass multiple value to groupRead.

Topics
ServerlessFront-End Web & MobileApplication IntegrationSecurity, Identity, & ComplianceDatabase
Tags
AWS AppSyncAmazon CognitoAmazon DynamoDB
Language
English
rePost-User-1856738
asked a year ago80 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content