How to design a access pattern for products data management on Dynamodb (single table) with fine grained access control?

have some products and we want give access to employees to manage it (update) fine grained access control with cognito and IAM policy

table with product and employee

employee id will be cognito user id(e#)

use case as on the table have 2 product and suppose we want to give UpdateItem access for product p#1 to employee e#2

our thoughts we will copy the product (p#1) and create a new item on table with PK e#2 and SK p#1 so now a employee can query the products with his cognito user id (pk = userid(e#2) and sk = begins_with = p#)

employee product access

after work done we can copy the updated data (PK e#2 SK p#1) and put it on the products data (PK p#1 SK p#1) and remove from the employee access by deleting the item (PK e#2 SK p#1)

Is it good practice or there any other way to access control with cognito authentication

Argomenti

Database

Tag

Amazon DynamoDB

Lingua

English

Debnath

posta un anno fa90 visualizzazioni

Nessuna risposta

Più recenti
Maggior numero di voti
Maggior numero di commenti

Contenuto pertinente

Come posso risolvere l'errore "Your current user or role does not have access to Kubernetes objects on this EKS cluster" in Amazon EKS?
AWS UFFICIALEAggiornata un anno fa
How do I access a private API Gateway API when the VPC endpoint uses an on-premises DNS?
AWS UFFICIALEAggiornata 3 anni fa
Perché ho ricevuto l'errore IAM "AWS was not able to validate the provided access credentials" in alcune regioni AWS?
AWS UFFICIALEAggiornata 2 anni fa
Come posso caricare e importare un certificato SSL in AWS Identity and Access Management (IAM)?
AWS UFFICIALEAggiornata 2 anni fa