Item level authorisation in Amplify (Gen 2)

I'm building a multi tenant application. Every user belongs to an organisation, in Cognito the organisation ID is stored in a custom attribute.

I'm using Amplify (Gen 2). How would one implement Item level authorisation based on a custom user attribute?

Group-based data access and Multi-user data access doesn't seem to be the solution.

Group-based data access: only a limited amount of groups are allowed per user pool (10k), I'm expecting much higher numbers.

Multi-user data access: Not efficient... due to the high number of users in an organisation. a.allow.multipleOwners().inField("organisation_id")

Amplify docs: https://docs.amplify.aws/gen2/build-a-backend/data/customize-authz/

Any help would be more than welcome.

Thanks!

Topics

Front-End Web & Mobile Security, Identity, & Compliance

Relevant content

How to separate organisation users permissions by the access level and environments?
Accepted Answer
kostyanius
asked a year ago
Amplify store Cognito clientId in frontend
abc
asked 3 months ago
Migrating multi-tenant application to Cognito ... how many user pools is too many?
jonb
asked 2 years ago
How to design a multi-tenant Login architecture with Cognito custom domains?
dileepaj
asked 3 months ago
How do I integrate a multi-Region and multi-account Amazon Cognito user pool with an Amazon Cognito identity pool?
AWS OFFICIALUpdated a year ago
How do I delete an application in AWS Amplify?
AWS OFFICIALUpdated 2 years ago
How do I use the custom email sender Lambda trigger in Amazon Cognito user pools?
AWS OFFICIALUpdated 4 months ago
How do I use remembered devices in my Amazon Cognito user pool?
AWS OFFICIALUpdated 8 months ago
Hygieia - A Gen AI Solution for Pharma
EXPERT
SriniV
published a month ago
AWS Cognito Finally Supports Custom Claims for Access Tokens
EXPERT
Antonio_Lagrotteria
published a month ago