Access control
In this section you set up role-based authorization rules for each of the models that you created for your bookstore example. Authorization rules restrict who can query or update a table based on certain conditions.
To set an owner authorization rule
- Using the Books data model that you created in the Create a data model example, set the authorization mode to Cognito user pool.
- In the Model pane on the right, expand the Owners window.
- Choose Create, Read, Update, and Delete to specify that Owners have create, read, update, and delete access.
To set a private authorization rule
- Using the Books data model that you created in the Create a data model example, set the authorization mode to Cognito user pool.
- In the Model pane on the right, expand the Any signed-in users window.
- Choose Create, Read, and Update to specify that any signed-in authenticated user has create, read, and update access.
To set a group authorization rule
- Using the Books data model that you created in the Create a data model example, set the authorization mode to Cognito user pool.
- Create an Editors group using the instructions to create a group. Alternatively, you can create a new group from the Add a new rule for... menu.
- In the Model pane on the right, select Editors from the Add a new rule for... menu.
- Choose Create, Read, Update, and Delete to specify that signed-in users in the Editors group have create, read, update, and delete access.
To set a public authorization rule
If you want your data model to be publicly accessible, switch to API_KEY or IAM-based authorization.
- Using the Books data model that you created in the Create a data model example, set the authorization mode to API Key.
- In the Model pane on the right, expand the Anyone window.
- Choose Read to specify that anyone has read access to the data in the Book model.
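
The following added example (not AWS or Amplify code) models what the four rules above grant when they are all applied to the same Book model. It assumes that multiple rules are additive, so a request is allowed when any one rule grants the operation; the callers, the record, and the function names are constructed for illustration.

```javascript
// Simplified model of the four rules from this page, assumed to be applied to
// the same Book model. Not Amplify's resolver code; names are illustrative.
const RULES = [
  { allow: "owner", operations: ["create", "read", "update", "delete"] },
  { allow: "private", operations: ["create", "read", "update"] },
  { allow: "groups", groups: ["Editors"], operations: ["create", "read", "update", "delete"] },
  { allow: "public", operations: ["read"] }, // API key, no sign-in required
];
const OPERATIONS = ["create", "read", "update", "delete"];

// Constructed sample callers and record.
const CALLERS = {
  anonymous: { signedIn: false, username: null, groups: [] },
  bob: { signedIn: true, username: "bob", groups: [] },
  alice: { signedIn: true, username: "alice", groups: [] },
  carol: { signedIn: true, username: "carol", groups: ["Editors"] },
};
const BOOK = { id: "book-1", owner: "alice" };

// Does this rule apply to this caller for this record?
function ruleMatches(rule, caller, record) {
  switch (rule.allow) {
    case "public": return true;
    case "private": return caller.signedIn;
    case "groups": return caller.signedIn && rule.groups.some((g) => caller.groups.includes(g));
    case "owner": return caller.signedIn && record.owner === caller.username;
    default: return false; // unknown strategy grants nothing
  }
}

// Names of the rules that grant `operation`; an empty list means denied.
function grantedBy(caller, operation, record, rules = RULES) {
  return rules
    .filter((r) => r.operations.includes(operation) && ruleMatches(r, caller, record))
    .map((r) => r.allow);
}

// Effective permissions per caller, e.g. { bob: "create,read,update", ... }.
function accessMatrix(record = BOOK, rules = RULES) {
  const matrix = {};
  for (const [name, caller] of Object.entries(CALLERS)) {
    matrix[name] = OPERATIONS.filter((op) => grantedBy(caller, op, record, rules).length > 0).join(",");
  }
  return matrix;
}

console.table(accessMatrix());
```

The bob row shows that the private rule lets any signed-in user update a book owned by alice, so with all four rules in place only delete stays limited to the owner and the Editors group.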