support configuring data access for specific operations #2806

Open
josefaidt opened this issue Aug 23, 2024 · 2 comments

@josefaidt

Environment information

System:
  OS: macOS 14.6.1
  CPU: (10) arm64 Apple M1 Pro
  Memory: 225.25 MB / 32.00 GB
  Shell: /opt/homebrew/bin/fish
Binaries:
  Node: 20.16.0 - ~/.local/state/fnm_multishells/28867_1724346485912/bin/node
  Yarn: undefined - undefined
  npm: 10.8.1 - ~/.local/state/fnm_multishells/28867_1724346485912/bin/npm
  pnpm: 9.7.0 - ~/.local/state/fnm_multishells/28867_1724346485912/bin/pnpm
NPM Packages:
  @aws-amplify/auth-construct: Not Found
  @aws-amplify/backend: 1.1.1
  @aws-amplify/backend-auth: Not Found
  @aws-amplify/backend-cli: 1.2.4
  @aws-amplify/backend-data: Not Found
  @aws-amplify/backend-deployer: Not Found
  @aws-amplify/backend-function: Not Found
  @aws-amplify/backend-output-schemas: Not Found
  @aws-amplify/backend-output-storage: Not Found
  @aws-amplify/backend-secret: Not Found
  @aws-amplify/backend-storage: Not Found
  @aws-amplify/cli-core: Not Found
  @aws-amplify/client-config: Not Found
  @aws-amplify/deployed-backend-client: Not Found
  @aws-amplify/form-generator: Not Found
  @aws-amplify/model-generator: Not Found
  @aws-amplify/platform-core: Not Found
  @aws-amplify/plugin-types: Not Found
  @aws-amplify/sandbox: Not Found
  @aws-amplify/schema-generator: Not Found
  aws-amplify: 6.5.2
  aws-cdk: 2.154.0
  aws-cdk-lib: 2.154.0
  typescript: 5.5.4
AWS environment variables:
  AWS_PROFILE = josef
  AWS_REGION = us-east-1
  AWS_STS_REGIONAL_ENDPOINTS = regional
  AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
  AWS_SDK_LOAD_CONFIG = 1
No CDK environment variables

Description

I have a post confirmation auth trigger that I would like to use to create a UserProfile model when a user signs up.

const schema = a
  .schema({
    UserProfile: a
      .model({
        displayName: a.string(),
      })
      .authorization((allow) => [allow.owner().to(["read"])]),
  })
  .authorization((allow) => [
    allow.resource(postConfirmation).to(["query", "mutate", "listen"]),
  ])

Today I can configure access to "query", "mutate", or "listen", but in this case I would like to configure the function to only be allowed to execute the createUserProfile mutation:

const schema = a.schema({
  UserProfile: a
    .model({
      displayName: a.string(),
    })
    .authorization((allow) => [
      allow.owner().to(["read"]),
      allow.resource(postConfirmation).to(["create"]),
    ]),
})
@thomasoehri

My first instinct was also to add the allow.resource authorization rule directly to my model's authorization rules, but then I realized that I could only give my function access to absolutely everything at schema level.
I'd like to have more granular control too!
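The scoping requested in this issue, expressed at the IAM layer as an added example (not code from the issue, its commenters, or Amplify): AppSync authorizes IAM callers per field through the `appsync:GraphQL` action on `.../types/<Type>/fields/<field>` resource ARNs, so a grant limited to `createUserProfile` can be compared with a type-wide one. The API ARN, the helper names, and the shape of the coarse grant are assumptions made for illustration.

```typescript
// Added illustration, not Amplify's code. Region, account ID and API ID are constructed placeholders.
type Statement = { Effect: "Allow"; Action: string[]; Resource: string[] };

const API_ARN = "arn:aws:appsync:us-east-1:111122223333:apis/EXAMPLEAPIID";

// AppSync IAM resources have the form <api-arn>/types/<TypeName>/fields/<fieldName>.
function fieldArn(typeName: string, fieldName: string): string {
  return `${API_ARN}/types/${typeName}/fields/${fieldName}`;
}

// Assumed shape of a coarse "mutate" grant: every field of the Mutation type.
function coarseMutateGrant(): Statement {
  return { Effect: "Allow", Action: ["appsync:GraphQL"], Resource: [`${API_ARN}/types/Mutation/*`] };
}

// Least-privilege grant: only the named top-level fields of one type.
function fieldGrant(typeName: string, fields: string[]): Statement {
  if (fields.length === 0) throw new Error("refusing to emit an empty grant");
  for (const f of fields) {
    // Accept only GraphQL names, so a wildcard or path segment cannot widen the scope.
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(f)) throw new Error(`invalid field name: ${f}`);
  }
  return {
    Effect: "Allow",
    Action: ["appsync:GraphQL"],
    Resource: fields.map((f) => fieldArn(typeName, f)),
  };
}

// IAM-style wildcard match: '*' matches any run of characters, '?' exactly one.
function arnMatches(pattern: string, arn: string): boolean {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp(`^${re}$`).test(arn);
}

// Would this statement let the caller invoke the given top-level field?
function allows(stmt: Statement, typeName: string, fieldName: string): boolean {
  return (
    stmt.Action.includes("appsync:GraphQL") &&
    stmt.Resource.some((r) => arnMatches(r, fieldArn(typeName, fieldName)))
  );
}
```

Running `allows` over each mutation in a schema shows which operations a trigger function can reach under a given statement, which is the difference between the two grants above.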

@ykethan

ykethan commented Aug 26, 2024

Hey, 👋 thanks for raising this! I'm going to transfer this over to our API repository for better assistance 🙂

@ykethan ykethan transferred this issue from aws-amplify/amplify-backend Aug 26, 2024
@AnilMaktala AnilMaktala added feature-request New feature or request and removed pending-triage labels Aug 26, 2024