Readonly authenticated: ((provider?) => Authorization<"private", undefined, false> & { Authorize authenticated users. By default, .authenticated() uses an Amazon Cognito user pool based authorization. You can additionally
use .authenticated("identityPool") or .authenticated("oidc") to use identityPool or OIDC based authorization for authenticated users.
the authentication provider - supports "userPools", "identityPool", or "oidc"
an authorization rule for authenticated users
Authorize authenticated users. By default, .authenticated() uses an Amazon Cognito user pool based authorization. You can additionally
use .authenticated("identityPool") or .authenticated("oidc") to use identityPool or OIDC based authorization for authenticated users.
Optional provider: PrivateProviderthe authentication provider - supports "userPools", "identityPool", or "oidc"
an authorization rule for authenticated users
Readonly custom: ((provider?) => Authorization<"custom", undefined, false> & { Optional provider: CustomProviderReadonly group: ((group, provider?) => Authorization<"groups", undefined, false> & { Authorize a specific user group. Provide the name of the specific user group to have access.
By default, .group() uses an Amazon Cognito user pool based authorization. You can additionally
use .group("group-name", "oidc") to use OIDC based authentication to designate the user group.
To change the specific claim that should be used as the user group identifier, chain the
.withClaimIn(...) method.
the name of the group to authorize
the authentication provider - supports "userPools" or "oidc"
an authorization rule to grant access by a specific group
Authorize a specific user group. Provide the name of the specific user group to have access.
By default, .group() uses an Amazon Cognito user pool based authorization. You can additionally
use .group("group-name", "oidc") to use OIDC based authentication to designate the user group.
To change the specific claim that should be used as the user group identifier, chain the
.withClaimIn(...) method.
the name of the group to authorize
Optional provider: GroupProviderthe authentication provider - supports "userPools" or "oidc"
an authorization rule to grant access by a specific group
Readonly groupAuthorize if a user is part of a group defined in a data model field.
By default, .groupDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally
use .groupDefinedIn("field-name", "oidc") to use OIDC based authentication to designate the user group.
To change the specific claim that should be used as the user group identifier within the groups field, chain the
.withClaimIn(...) method.
the field that should store the authorized user group information
the authentication provider - supports "userPools" or "oidc"
an authorization rule to grant access by a specific group
Authorize if a user is part of a group defined in a data model field.
By default, .groupDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally
use .groupDefinedIn("field-name", "oidc") to use OIDC based authentication to designate the user group.
To change the specific claim that should be used as the user group identifier within the groups field, chain the
.withClaimIn(...) method.
the field that should store the authorized user group information
Optional provider: GroupProviderthe authentication provider - supports "userPools" or "oidc"
an authorization rule to grant access by a specific group
Readonly groups: ((groups, provider?) => Authorization<"groups", undefined, false> & { Authorize multiple specific user groups. Provide the names of the specific user groups to have access.
By default, .groups() uses an Amazon Cognito user pool based authorization. You can additionally
use .groups(["group-a", "group-b"], "oidc") to use OIDC based authentication to designate the user group.
To change the specific claim that should be used as the user group identifier, chain the
.withClaimIn(...) method.
the names of the group to authorize defined as an array
the authentication provider - supports "userPools" or "oidc"
an authorization rule to grant access by a specific group
Authorize multiple specific user groups. Provide the names of the specific user groups to have access.
By default, .groups() uses an Amazon Cognito user pool based authorization. You can additionally
use .groups(["group-a", "group-b"], "oidc") to use OIDC based authentication to designate the user group.
To change the specific claim that should be used as the user group identifier, chain the
.withClaimIn(...) method.
the names of the group to authorize defined as an array
Optional provider: GroupProviderthe authentication provider - supports "userPools" or "oidc"
an authorization rule to grant access by a specific group
Readonly groupsAuthorize if a user is part of a one of the groups defined in a data model field.
By default, .groupsDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally
use .groupsDefinedIn("field-name", "oidc") to use OIDC based authentication to designate the user group.
To change the specific claim that should be used as the user group identifier within the groups field, chain the
.withClaimIn(...) method.
the field that should store the list of authorized user groups
the authentication provider - supports "userPools" or "oidc"
an authorization rule to grant access by a specific group
Authorize if a user is part of a one of the groups defined in a data model field.
By default, .groupsDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally
use .groupsDefinedIn("field-name", "oidc") to use OIDC based authentication to designate the user group.
To change the specific claim that should be used as the user group identifier within the groups field, chain the
.withClaimIn(...) method.
the field that should store the list of authorized user groups
Optional provider: GroupProviderthe authentication provider - supports "userPools" or "oidc"
an authorization rule to grant access by a specific group
Readonly guest: (() => Authorization<"public", undefined, false> & { Authorize unauthenticated users by using IDENTITYPOOL based authorization.
an authorization rule for unauthenticated users
Authorize unauthenticated users by using IDENTITYPOOL based authorization.
an authorization rule for unauthenticated users
Readonly owner: ((provider?) => Authorization<"owner", "owner", false> & { Authorize access on a per-user (owner) basis. By setting owner-based authorization, a new owner: a.string()
field will be added to the model to store which user "owns" the item. Upon item creation, the "owner field" is
auto-populated with the authenticated user's information. If you want to specify which field should be used as
the owner field, you can use the ownerDefinedIn builder function instead.
By default, .owner() uses an Amazon Cognito user pool based authorization. You can additionally
use .owner("oidc") to use OIDC based authentication to designate the owner.
To change the specific claim that should be used as the user identifier within the owner field, chain the
.identityClaim(...) method.
the authentication provider - supports "userPools", "identityPool", or "oidc"
an authorization rule for authenticated users
Authorize access on a per-user (owner) basis. By setting owner-based authorization, a new owner: a.string()
field will be added to the model to store which user "owns" the item. Upon item creation, the "owner field" is
auto-populated with the authenticated user's information. If you want to specify which field should be used as
the owner field, you can use the ownerDefinedIn builder function instead.
By default, .owner() uses an Amazon Cognito user pool based authorization. You can additionally
use .owner("oidc") to use OIDC based authentication to designate the owner.
To change the specific claim that should be used as the user identifier within the owner field, chain the
.identityClaim(...) method.
Optional provider: OwnerProvidersthe authentication provider - supports "userPools", "identityPool", or "oidc"
an authorization rule for authenticated users
Readonly ownerAuthorize access on a per-user (owner) basis with specifying which field should be used as the owner field.
By default, .owner() uses an Amazon Cognito user pool based authorization. You can additionally
use .ownerDefinedIn("owner", "oidc") to use OIDC based authentication to designate the owner.
To change the specific claim that should be used as the user identifier within the owner field, chain the
.identityClaim(...) method.
the field that contains the owner information
the authentication provider - supports "userPools", "identityPool", or "oidc"
an authorization rule for authenticated users
Authorize access on a per-user (owner) basis with specifying which field should be used as the owner field.
By default, .owner() uses an Amazon Cognito user pool based authorization. You can additionally
use .ownerDefinedIn("owner", "oidc") to use OIDC based authentication to designate the owner.
To change the specific claim that should be used as the user identifier within the owner field, chain the
.identityClaim(...) method.
the field that contains the owner information
Optional provider: OwnerProvidersthe authentication provider - supports "userPools", "identityPool", or "oidc"
an authorization rule for authenticated users
Readonly ownersAuthorize access for multi-user / multi-owner access. By setting multi-owner-based authorization, a new owners: a.string().array()
field will be added to the model to store which users "own" the item. Upon item creation, the "owners field" is
auto-populated with the authenticated user's information. To grant other users access to the item, append their user identifier into the owners array.
You can specify which field should be used as the owners field by passing the ownersField parameter.
By default, .ownersDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally
use .ownersDefinedIn("owners", "oidc") to use OIDC based authentication to designate the owner.
To change the specific claim that should be used as the user identifier within the owners field, chain the
.identityClaim(...) method.
the field that contains the owners information
the authentication provider - supports "userPools", "identityPool", or "oidc"
an authorization rule for authenticated users
Authorize access for multi-user / multi-owner access. By setting multi-owner-based authorization, a new owners: a.string().array()
field will be added to the model to store which users "own" the item. Upon item creation, the "owners field" is
auto-populated with the authenticated user's information. To grant other users access to the item, append their user identifier into the owners array.
You can specify which field should be used as the owners field by passing the ownersField parameter.
By default, .ownersDefinedIn() uses an Amazon Cognito user pool based authorization. You can additionally
use .ownersDefinedIn("owners", "oidc") to use OIDC based authentication to designate the owner.
To change the specific claim that should be used as the user identifier within the owners field, chain the
.identityClaim(...) method.
the field that contains the owners information
Optional provider: OwnerProvidersthe authentication provider - supports "userPools", "identityPool", or "oidc"
an authorization rule for authenticated users
Readonly publicAuthorize unauthenticated users by using API key based authorization.
an authorization rule for unauthenticated users
Authorize unauthenticated users by using API key based authorization.
an authorization rule for unauthenticated users
Readonly resource: ((fn) => ResourceAuthorization & { When set, it requires the relationship to always return a value
When set, it requires the value of the relationship type to be required.
Configures field-level authorization rules. Pass in an array of authorizations
(allow => allow.____)to mix and match multiple authorization rules for this field.