Currently the APIs that we are creating simply allow access to the individual records in DynamoDB for that particular UserID. That is, create a note for user email@example.com. The GET request retrieves all the notes for that userId, etc.
How can we extend this functionality to include permissions for individual users that sign up in this serverless environment with Cognito?
- an ADMIN role can see all notes in the system and tweak individual permissions.
- a NO-ATTACHMENT role can create notes but not upload attachments
In standard web app development, you could create this as a “Users” table in your db and reference it with your User class as a part of your authentication.