Dynamic group authorization with prefix option for multi tenant support
Is this feature request related to a new or existing Amplify category?
api
Is this related to another service?
AppSync
Describe the feature you'd like to request
https://docs.amplify.aws/javascript/tools/cli-legacy/auth-directive/#dynamic-group-authorization
It would be nice if we could add a prefix per @auth rule.
```graphql
type Post @model @auth(rules: [
  { allow: groups, groupsField: "groups", prefixForGroupsFieldStrings: "reader__", operations: [...] },
  { allow: groups, groupsField: "groups", prefixForGroupsFieldStrings: "updater__", operations: [...] }
]) {
  id: ID!
  title: String
  groups: [String]
}
```
So at this point I could add the tenantID to groups, and reader__ and updater__ have different operations, but with only one group array entry.
Describe the solution you'd like
Add prefixForGroupsFieldStrings to the @auth options.
Describe alternatives you've considered
Additional context
No response
Is this something that you'd be interested in working on?
- [X] 👋 I may be able to implement this feature request
Would this feature include a breaking change?
- [X] ⚠️ This feature might incur a breaking change
Hey, 👋 thanks for raising this! I'm going to transfer this over to our API repository for better assistance 🙂
Hey @biller-aivy, Thank you for requesting this. We have marked it as a feature request for the team to evaluate further.
Hi - we're working on a feature (it'll likely land closer to later this year), where we'll allow customers to add a tenantClaim to their authorization rules. This will be a logically "AND"ed rule that validates you only have access to a data record if both your other authz rules pass as well as tenantClaim matches what's stored in the record's tenantField.
Any update on this @renebrandel? Would be great to have this feature!
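The semantics discussed in this thread (a per-rule prefix on the dynamic groups field, and a tenant check ANDed with the other rules) can be sketched as a plain evaluator. This is an added example, not Amplify code or code from any participant: `prefixForGroupsFieldStrings` is only the option proposed in the issue, the `tenantId` claim and field names are assumptions, and ORing the group rules with each other is one reading of how multiple rules combine.

```javascript
// Hypothetical evaluator for the proposal; none of this is a shipped Amplify API.
// "cognito:groups" is the Cognito group claim; "tenantId" names are assumed.
const rules = [
  { prefix: "reader__", operations: ["read"] },
  { prefix: "updater__", operations: ["read", "update"] },
];
const tenantRule = { tenantClaim: "tenantId", tenantField: "tenantId" };

function groupRuleAllows(rule, claims, record, operation) {
  if (!rule.operations.includes(operation)) return false;
  const userGroups = claims["cognito:groups"];
  if (!Array.isArray(userGroups) || !Array.isArray(record.groups)) return false;
  // Exact equality on prefix + stored entry. A startsWith() comparison would
  // let "reader__acme-staging" satisfy a record scoped to "acme".
  return record.groups.some(
    (g) => typeof g === "string" && g !== "" && userGroups.includes(rule.prefix + g)
  );
}

function tenantMatches(claims, record) {
  const claim = claims[tenantRule.tenantClaim];
  // Fail closed: a missing claim must not "match" a missing field.
  return typeof claim === "string" && claim !== "" &&
    claim === record[tenantRule.tenantField];
}

function isAuthorized(claims, record, operation) {
  // Tenant check is ANDed with the group rules, which are ORed with each other.
  return tenantMatches(claims, record) &&
    rules.some((r) => groupRuleAllows(r, claims, record, operation));
}

// Constructed sample record and token claims.
const post = { id: "1", title: "Hello", groups: ["acme"], tenantId: "acme" };
const reader = { "cognito:groups": ["reader__acme"], tenantId: "acme" };
const updater = { "cognito:groups": ["updater__acme"], tenantId: "acme" };
const otherTenant = { "cognito:groups": ["updater__acme"], tenantId: "globex" };
const lookalike = { "cognito:groups": ["reader__acme-staging"], tenantId: "acme" };

for (const [name, c] of Object.entries({ reader, updater, otherTenant, lookalike })) {
  console.log(name, "read:", isAuthorized(c, post, "read"),
    "update:", isAuthorized(c, post, "update"));
}
```

The single `groups` entry `"acme"` yields different operations per prefix, and the tenant check denies a caller whose group claim matches but whose tenant claim does not.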