AWS Cognito - Multiple Apps Security

Basic structure… I have an app launcher, and multiple apps. Each app utilizes the same AWS Cognito pool for user authentication. I have a table of users listing what apps they have access to. So, I only show them the apps they have access to in the app launcher, good.

However, if someone sends them a link, or I set something up wrong, and a user ends up in an app that isn’t in their list of approved apps, what is the best/easiest way to effectively shut down that app to them?


I have often wondered about this use case. It seems to me that without some kind of app namespace and user <> app list authentication scheme, it would be hard to do just using USEREMAIL() and Show_If for Views and Security Filters for Tables.

One possible way would be to create a common table or set of tables to ALL apps with columns containing USEREMAIL(), Group (or Company) and List of Authorized Apps and add a check for each view.

I’ve seen issues with “show/Hide” on views… it’s like they’re accessible, there’s just no button to click on, so a deep link will still take you to them, even if the view is technically hidden.

And, yes, I’ve got common tables for all the apps…

The best option I’ve come up with is to reduce the “Are updates allowed?” down to read only and then set the security filter to false. And do this for every table… Then they could see all the views, but wouldn’t see any info, and couldn’t add data…

Since I’m using data partitioning, one option I came up with was a set of “empty” tables.

If you have the users table already and you know whether they have access to this app or not, you could use a security filter and show a detail info view that they don’t have data access. Not exactly what you are looking for, but at least you can be sure that they don’t have access to data. You could do the same for tables with an option “Are updates allowed?”

Yep, I think that’s my best option right now.
Maybe I can put a show column in the user table, and show that in the detail view.
