Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

auth permission

See original GitHub issue

Note: If your issue/bug is regarding the AWS Amplify Console service, please log it in the Amplify Console GitHub Issue Tracker

Describe the bug permission with iam provider work different from amazon cognito provider

with amazon cognito provider if read operation not provided, user with no group can read model but with iam provider i cannot read

if i add operations read with iam provider, then user with iam authentication can read but user with no group or user with group with no read operation cannot read

Amplify CLI Version 4.13.1

To Reproduce Create schema like this

type ProductCategory
  @model
  @auth(
    rules: [
      # admin
      { allow: groups, groups: ["admin"], operations: [create, update, delete] }
      # iam for lambda
      { allow: private, provider: iam, operations: [create, update, delete] }
    ]
  ) {
  id: ID!
  createdAt: AWSDateTime
  updatedAt: AWSDateTime

  name: String!
  description: String
}

Expected behavior graphql using iam permission can read listProductCategorys (same permission with if provider amazon cognito)

Screenshots

Desktop (please complete the following information):

OS: Ubuntu
Node Version. 13.5.0

Additional context Add any other context about the problem here.

Issue Analytics

State:
Created 4 years ago
Comments:5 (1 by maintainers)

Top GitHub Comments

1reaction

bengsiswantohcommented, Mar 1, 2020

Thank you for the response @SwaySway

but if i can the schema into this

type ProductCategory
  @model
  @auth(
    rules: [
      # admin
      { allow: groups, groups: ["admin"], operations: [create, update, delete] }
      # iam for lambda
      { allow: private, provider: iam, operations: [read ,create, update, delete] }
    ]
  ) {
  id: ID!
  createdAt: AWSDateTime
  updatedAt: AWSDateTime

  name: String!
  description: String
}

user with admin group or user with no group cannot read this model. do you have a solution for this?

0reactions

github-actions[bot]commented, May 26, 2021

This issue has been automatically locked since there hasn’t been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels for those types of questions.

Top Results From Across the Web

AuthPermission (Java Platform SE 7 ) - Oracle Help Center

This class is for authentication permissions. An AuthPermission contains a name (also referred to as a "target name") but no actions list; you...

4 - Authentication and permissions - Django REST framework

Tutorial 4: Authentication & Permissions · Code snippets are always associated with a creator. · Only authenticated users may create snippets. · Only...

Using the Django authentication system

The Django admin site uses permissions as follows: Access to view objects is limited to users with the “view” or “change” permission for...

JonPSmith/AuthPermissions.AspNetCore - GitHub

The AuthPermissions.AspNetCore library (shortened to AuthP) provides extra authorization features to a ASP.NET Core application. Here are AuthP's three main ...

Assign Permissions to Users - Auth0

The assigned permissions can be used with the API Authorization Core feature set. Adding permissions directly to a user circumvents the benefits of...