Multi-user data access

The multipleOwners rule grants a set of users access to a record by automatically creating an owners field to store the allowed record owners. You can override the default owners field name by specifying inField with the desired field name to store the owner information. You can dynamically manage which users can access a record by updating the owner field.

Add multi-user authorization rule

If you want to grant a set of users access to a record, you use the multipleOwners rule. This automatically creates a owner: a.string().array() field to store the allowed owners.

1export const schema = a.schema({
2  Todo: a.model({
3    content: a.string()
4  }).authorization([
5    a.allow.multipleOwners()
6  ])
7})

Override to a list of owners

You can override the inField to a list of owners. Use this if you want a dynamic set of users to have access to a record. In the example below, the authors list is populated with the creator of the record upon record creation. The creator can then update the authors field with additional users. Any user listed in the authors field can access the record.

1export const schema = a.schema({
2  Todo: a.model({
3    content: a.string()
4    authors: a.string().array() // record owner information now stored in "authors" field
5  }).authorization([
6    a.allow.multipleOwners().inField("authors")
7  ])
8})