Name:
interface
Value:
Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Fullstack TypeScript

Write your app's data model, auth, storage, and functions in TypeScript; Amplify will do the rest.

Built with the AWS CDK

Use any cloud resource your app needs. Never worry about scale.

Back to Gen 1 DocsLearn more about Gen 2

Choose your framework/language

Edit on GitHub

Page updated Jun 19, 2024

Multi-user data access

The ownersDefinedIn rule grants a set of users access to a record by automatically creating an owners field to store the allowed record owners. You can override the default owners field name by specifying inField with the desired field name to store the owner information. You can dynamically manage which users can access a record by updating the owner field.

Add multi-user authorization rule

If you want to grant a set of users access to a record, you use the ownersDefinedIn rule. This automatically creates a owners: a.string().array() field to store the allowed owners.

amplify/data/resource.ts
const schema = a.schema({
  Todo: a
    .model({
      content: a.string(),
      owners: a.string().array(),
    })
    .authorization(allow => [allow.ownersDefinedIn('owners')]),
});

In your application, you can perform CRUD operations against the model with the userPools auth mode.

try {
  final todo = Todo(content: 'My new todo');
  final request = ModelMutations.create(
    todo,  
    authorizationMode: APIAuthorizationType.userPools,
  );
  final createdTodo = await Amplify.API.mutations(request: request).response;


  if (createdTodo == null) {
    safePrint('errors: ${response.errors}');
    return;
  }
  safePrint('Mutation result: ${createdTodo.name}');


} on APIException catch (e) {
  safePrint('Failed to create todo', e);
}

Add another user as an owner

try {
  createdTodo.owners!.add(otherUserId);
  let updateRequest = ModelMutations.update(
    createdTodo,
    authorizationMode: APIAuthorizationType.userPools,
  );
  final updatedTodo = await Amplify.API.mutations(request: updateRequest).response;


  if (updatedTodo == null) {
    safePrint('errors: ${response.errors}');
    return;
  }


} catch {
  safePrint("Failed to update todo", error)
}

Override to a list of owners

You can override the inField to a list of owners. Use this if you want a dynamic set of users to have access to a record. In the example below, the authors list is populated with the creator of the record upon record creation. The creator can then update the authors field with additional users. Any user listed in the authors field can access the record.

const schema = a.schema({
  Todo: a
    .model({
      content: a.string(),
      authors: a.string().array(), // record owner information now stored in "authors" field
    })
    .authorization(allow => [allow.ownersDefinedIn('authors')]),
});
PREVIOUS
Per-user/per-owner data access
NEXT
Signed-in user data access
Site color mode

Amplify open source software, documentation and community are supported by Amazon Web Services.

© 2024, Amazon Web Services, Inc. and its affiliates.

All rights reserved. View the site terms and privacy policy.

Flutter and the related logo are trademarks of Google LLC. We are not endorsed by or affiliated with Google LLC.