Page updated May 2, 2024

Access control

Clone the example data model to follow along.

You are going to set up role-based authorization rules for each of the models that you created for your bookstore example. Authorization rules restrict who can query or update a table based on certain conditions.

To set an owner authorization rule

  1. Using the Books data model that you created in the Create a data model example, set the authorization mode to Cognito user pool.
  2. In the Model pane on the right, expand the Owners window.
  3. Choose Create, Read, Update and Delete to specify that Owners have create, read, update, and delete access. The settings look as follows.

To set a private authorization rule

  1. Using the Books data model that you created in the Create a data model example, set the authorization mode to Cognito user pool.
  2. In the Model pane on the right, expand the Any signed-in users window.
  3. Choose Create, Read, and Update to specify that any signed-in authenticated user has create, read, and update access.

To set a group authorization rule

  1. Using the Books data model that you created in the Create a data model example, set the authorization mode to Cognito user pool.
  2. Create an Editors group using the instructions to create a group. Alternatively, you can create a new group from the Add a new rule for... menu.
  3. In the Model pane on the right, select Editors from the Add a new rule for... menu.
  4. Choose Create, Read, Update and Delete to specify that signed-in users in the Editors group have create, read, update, and delete access.

To set a public authorization rule

If you want your data model to be publicly accessible, switch to API_KEY or IAM based authorization.

  1. Using the Books data model that you created in the Create a data model example, set the authorization mode to API Key.
  2. In the Model pane on the right, expand the Anyone window. Choose Read to specify that any signed-in user has read access to the data in the Book model.
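
For review purposes, the four rules above can be written as Amplify GraphQL `@auth` rules on the model. This is an added example, not taken from this page or generated by Studio; the `title` and `author` fields are assumed, and combining all four rules on one model assumes the API has both Cognito user pool and API key authorization modes enabled.

```graphql
# Added example: the Book model with the four rules from the procedures above.
# Field names (title, author) are assumptions; the page does not list them.
type Book
  @model
  @auth(
    rules: [
      # Owner rule: the signed-in user who created a record can create,
      # read, update, and delete that record. Omitting "operations"
      # grants all four.
      { allow: owner, provider: userPools }

      # Private rule: any signed-in Cognito user can create, read, and
      # update. This applies to every record, not only the user's own,
      # so it is broader than the owner rule for those three operations.
      { allow: private, provider: userPools, operations: [create, read, update] }

      # Group rule: members of the Cognito group "Editors" get all four
      # operations on every record.
      { allow: groups, groups: ["Editors"], provider: userPools }

      # Public rule: requests authorized with the API key are limited
      # to read.
      { allow: public, provider: apiKey, operations: [read] }
    ]
  ) {
  id: ID!
  title: String!   # assumed field
  author: String   # assumed field
}
```

Rules are additive: a request is allowed if any one rule matches, so the effective access is the union of the rules. When auditing a model, check the broadest rule first, because a narrow owner rule does not limit what a private or group rule already grants.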