How to design a access pattern for products data management on Dynamodb (single table) with fine grained access control?

have some products and we want give access to employees to manage it (update) fine grained access control with cognito and IAM policy

employee id will be cognito user id(e#)

use case as on the table have 2 product and suppose we want to give UpdateItem access for product p#1 to employee e#2

our thoughts we will copy the product (p#1) and create a new item on table with PK e#2 and SK p#1 so now a employee can query the products with his cognito user id (pk = userid(e#2) and sk = begins_with = p#)

after work done we can copy the updated data (PK e#2 SK p#1) and put it on the products data (PK p#1 SK p#1) and remove from the employee access by deleting the item (PK e#2 SK p#1)

Is it good practice or there any other way to access control with cognito authentication