How to design an access pattern for products data management on DynamoDB (single table) with fine-grained access control?

0

We have some products and we want to give employees access to manage (update) them, using fine-grained access control with Cognito and an IAM policy.

table with product and employee

The employee id will be the Cognito user id (e#).

Use case: as shown in the table, we have 2 products, and suppose we want to give UpdateItem access for product p#1 to employee e#2.

Our thoughts: we will copy the product (p#1) and create a new item in the table with PK e#2 and SK p#1, so that the employee can query the products with his Cognito user id (pk = userid (e#2) and sk begins_with p#).

employee product access

After the work is done, we can copy the updated data (PK e#2, SK p#1), put it on the products data (PK p#1, SK p#1), and remove the employee's access by deleting the item (PK e#2, SK p#1).

Is this good practice, or is there any other way to do access control with Cognito authentication?

Debnath
Asked 1 year ago · 90 views
No answers
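The key layout in the question (employee copy under PK e#2, master item under PK p#1) lines up with IAM's `dynamodb:LeadingKeys` condition key. The following is an added example, not part of the original post: it builds such a policy and checks it with a simplified local model of the condition, not IAM itself. It assumes credentials come from a Cognito identity pool and that the id after `e#` is the identity ID; the region, account id and table name are placeholders.

```python
import json

# Assumptions (not from the post): REGION, ACCOUNT_ID and TABLE_NAME are
# placeholders; the id stored after "e#" is the Cognito identity pool
# identity ID, which is what the policy variable below resolves to.
TABLE_ARN = "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/TABLE_NAME"
SUB_VAR = "${cognito-identity.amazonaws.com:sub}"
LEADING_KEY = "e#" + SUB_VAR


def employee_policy():
    """IAM policy for the identity pool's authenticated role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:Query", "dynamodb:GetItem",
                       "dynamodb:UpdateItem"],
            "Resource": TABLE_ARN,
            "Condition": {
                "ForAllValues:StringEquals": {
                    "dynamodb:LeadingKeys": [LEADING_KEY]
                }
            },
        }],
    }


def leading_keys_allowed(policy, identity_id, action, partition_keys):
    """Simplified local model of the condition above (not IAM itself):
    allow only if the action is listed and every partition key in the
    request equals the caller's substituted leading key."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        cond = stmt["Condition"]["ForAllValues:StringEquals"]
        allowed = {p.replace(SUB_VAR, identity_id)
                   for p in cond["dynamodb:LeadingKeys"]}
        if all(pk in allowed for pk in partition_keys):
            return True
    return False


if __name__ == "__main__":
    policy = employee_policy()
    print(json.dumps(policy, indent=2))
    me = "2"  # constructed identity id, matching the post's e#2
    print(leading_keys_allowed(policy, me, "dynamodb:UpdateItem", ["e#2"]))
    print(leading_keys_allowed(policy, me, "dynamodb:UpdateItem", ["p#1"]))
```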
