How to design a access pattern for products data management on Dynamodb (single table) with fine grained access control?

have some products and we want give access to employees to manage it (update) fine grained access control with cognito and IAM policy

table with product and employee

employee id will be cognito user id(e#)

use case as on the table have 2 product and suppose we want to give UpdateItem access for product p#1 to employee e#2

our thoughts we will copy the product (p#1) and create a new item on table with PK e#2 and SK p#1 so now a employee can query the products with his cognito user id (pk = userid(e#2) and sk = begins_with = p#)

employee product access

after work done we can copy the updated data (PK e#2 SK p#1) and put it on the products data (PK p#1 SK p#1) and remove from the employee access by deleting the item (PK e#2 SK p#1)

Is it good practice or there any other way to access control with cognito authentication

Topics

Database

Relevant content

Give employee access to S3.
AWS-User-6382056
asked 2 years ago
Fine grained row level access to Dynamodb via Cognito Authorizer
kevlar
asked 2 years ago
AWS Resource Access Manager supports fine-grained customer managed permissions
Nini Ren
asked a year ago
Fine grained access control with cognito identity and custom claims
Sankho
asked 3 months ago
How do I troubleshoot fine-grained access control issues in my OpenSearch Service cluster?
AWS OFFICIALUpdated a year ago
FAQs: Amazon SES production access requests
AWS OFFICIALUpdated 4 months ago
How can I control access to my instances using Session Manager?
AWS OFFICIALUpdated 3 years ago
How do I control access to my WorkSpaces?
AWS OFFICIALUpdated 2 years ago
What's new: AWS Resource Access Manager supports fine-grained customer managed permissions
EXPERT
Fabian
published a year ago
Cloud Product Leaders should get to know OCSF (and the product strategy pattern behind it).
EXPERT
Jeffrey Hammond
published 2 years ago