How to design an access pattern for products data management on DynamoDB (single table) with fine-grained access control?
We have some products and we want to give employees access to manage them (update)
Fine-grained access control with Cognito and an IAM policy
The employee id will be the Cognito user id (e#)
use case
As shown in the table, we have 2 products; suppose we want to give UpdateItem access for product p#1 to employee e#2
our thoughts
We will copy the product (p#1) and create a new item in the table with PK e#2 and SK p#1, so now an employee can query the products with his Cognito user id (pk = userid (e#2) and sk = begins_with = p#)
After the work is done we can copy the updated data (PK e#2 SK p#1), put it on the products data (PK p#1 SK p#1), and remove the employee's access by deleting the item (PK e#2 SK p#1)
Is this good practice, or is there any other way to do access control with Cognito authentication?
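
The copy, edit and copy-back flow described in the question, as an added example that is not part of the original post: a Python dict stands in for the single table, and `leading_key_allowed` stands in for an IAM condition on `dynamodb:LeadingKeys` that pins the partition key to the caller's Cognito id. The function names and the product attributes are hypothetical.

```python
# In-memory model of the question's single-table layout (constructed data).
# Keys are (PK, SK) tuples; attribute names "name" and "price" are made up.
table = {
    ("p#1", "p#1"): {"name": "widget", "price": 10},
    ("p#2", "p#2"): {"name": "gadget", "price": 20},
}

def leading_key_allowed(caller_id, pk):
    """Assumed stand-in for a dynamodb:LeadingKeys condition: PK must be the caller's id."""
    return pk == caller_id

def grant(employee, product):
    """Admin side: copy the product item under the employee's partition."""
    table[(employee, product)] = dict(table[(product, product)])

def query_products(caller_id, pk):
    """Employee side: pk = caller id and sk begins_with 'p#'."""
    if not leading_key_allowed(caller_id, pk):
        raise PermissionError(f"{caller_id} may not read partition {pk}")
    return sorted(sk for (p, sk) in table if p == pk and sk.startswith("p#"))

def update_item(caller_id, pk, sk, **attrs):
    """Employee side: update, allowed only inside the caller's own partition."""
    if not leading_key_allowed(caller_id, pk):
        raise PermissionError(f"{caller_id} may not update partition {pk}")
    # Models a ConditionExpression of attribute_exists(PK); without one,
    # UpdateItem would create the item instead of failing.
    if (pk, sk) not in table:
        raise KeyError((pk, sk))
    table[(pk, sk)].update(attrs)

def revoke(employee, product):
    """Admin side: copy the edited item back, then delete the employee's copy."""
    table[(product, product)] = table.pop((employee, product))

def demo():
    grant("e#2", "p#1")
    update_item("e#2", "e#2", "p#1", price=12)   # allowed: own partition
    denied = []
    for pk in ("p#1", "e#3"):                    # canonical item, another employee
        try:
            update_item("e#2", pk, "p#1", price=0)
        except PermissionError:
            denied.append(pk)
    visible = query_products("e#2", "e#2")
    revoke("e#2", "p#1")
    return visible, denied, table[("p#1", "p#1")]["price"], ("e#2", "p#1") in table
```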