Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/amazon-web-services/14.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services DynamoDb中的细粒度访问_Amazon Web Services_Amazon Dynamodb_Amazon Iam - Fatal编程技术网
Fatal编程技术网

Amazon web services DynamoDb中的细粒度访问

amazon-web-services amazon-dynamodb

Amazon web services DynamoDb中的细粒度访问,amazon-web-services,amazon-dynamodb,amazon-iam,Amazon Web Services,Amazon Dynamodb,Amazon Iam,我的用户注册了facebook,表中有基本的用户信息。我希望用户只更新、删除自己的记录,而且能够读取所有其他用户的属性。例如,看看他们的名字。如何创建允许此操作的策略?这适用于场景1: { "Version": "2012-10-17", "Statement": [ { "Sid": "FullAccessToUserItems", "Effect": "Allow", "Action": [ "dynamodb:

我的用户注册了facebook,表中有基本的用户信息。我希望用户只更新、删除自己的记录,而且能够读取所有其他用户的属性。例如,看看他们的名字。如何创建允许此操作的策略?这适用于场景1:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "FullAccessToUserItems",
        "Effect": "Allow",
        "Action": [
            "dynamodb:GetItem",
            "dynamodb:BatchGetItem",
            "dynamodb:Query",
            "dynamodb:PutItem",
            "dynamodb:UpdateItem",
            "dynamodb:DeleteItem",
            "dynamodb:BatchWriteItem"
        ],
        "Resource": [
            "arn:aws:dynamodb:us-west-2:123456789012:table/Users"
        ],
        "Condition": {
            "ForAllValues:StringEquals": {
                "dynamodb:LeadingKeys": [
                      "${graph.facebook.com:id}"
                ]
            }
        }
    }
]
}

只需将另一条具有读取权限的语句添加到整个表中即可

像这样的方法应该会奏效:

{
    "Sid": "ReadAccess",
    "Effect": "Allow",
    "Action": [
        "dynamodb:GetItem",
        "dynamodb:BatchGetItem",
        "dynamodb:Query"
    ],
    "Resource": [
        "arn:aws:dynamodb:us-west-2:123456789012:table/Users"
    ]
}
整个政策是这样的。请注意底部的第二句话:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "FullAccessToUserItems",
        "Effect": "Allow",
        "Action": [
            "dynamodb:GetItem",
            "dynamodb:BatchGetItem",
            "dynamodb:Query",
            "dynamodb:PutItem",
            "dynamodb:UpdateItem",
            "dynamodb:DeleteItem",
            "dynamodb:BatchWriteItem"
        ],
        "Resource": [
            "arn:aws:dynamodb:us-west-2:123456789012:table/Users"
        ],
        "Condition": {
            "ForAllValues:StringEquals": {
                "dynamodb:LeadingKeys": [
                      "${graph.facebook.com:id}"
                ]
            }
        }
    },
    {
        "Sid": "ReadAccess",
        "Effect": "Allow",
        "Action": [
            "dynamodb:GetItem",
            "dynamodb:BatchGetItem",
            "dynamodb:Query"
        ],
        "Resource": [
            "arn:aws:dynamodb:us-west-2:123456789012:table/Users"
        ]
    }
]
}