Multi-user data access
The ownersDefinedIn rule grants a set of users access to a record by automatically creating an owners field to store the allowed record owners. You can override the default owners field name by specifying inField with the desired field name to store the owner information. You can dynamically manage which users can access a record by updating the owner field.
Add multi-user authorization rule
If you want to grant a set of users access to a record, you use the ownersDefinedIn rule. This automatically creates a owners: a.string().array() field to store the allowed owners.
const schema = a.schema({ Todo: a .model({ content: a.string(), owners: a.string().array(), }) .authorization(allow => [allow.ownersDefinedIn('owners')]),});In your application, you can perform CRUD operations against the model with the amazonCognitoUserPools auth mode.
do { let todo = Todo(content: "My new todo") let createdTodo = try await Amplify.API.mutate(request: .create( todo, authMode: .amazonCognitoUserPools)).get()} catch { print("Failed to create todo", error)}Add another user as an owner
do { createdTodo.owners?.append(otherUserId) let updatedTodo = try await Amplify.API.mutate(request: .update( createdTodo, authMode: .amazonCognitoUserPools)).get()} catch { print("Failed to update todo", error)}Override to a list of owners
You can override the inField to a list of owners. Use this if you want a dynamic set of users to have access to a record. In the example below, the authors list is populated with the creator of the record upon record creation. The creator can then update the authors field with additional users. Any user listed in the authors field can access the record.
const schema = a.schema({ Todo: a .model({ content: a.string(), authors: a.string().array(), // record owner information now stored in "authors" field }) .authorization(allow => [allow.ownersDefinedIn('authors')]),});