AWS Cognito - Multiple Apps Security

Basic structure… I have an app launcher, and multiple apps. Each app utilizes the same AWS Cognito pool for user authentication. I have a table of users listing what apps they have access to. So, I only show them the apps they have access to in the app launcher, good.

However, if someone sends them a link, or I set something up wrong, and a user ends up in an app that isn’t in their list of approved apps, what is the best/easiest way to effectively shut down that app to them?


I have often wondered about this use case. It seems to me that without some kind of app namespace and user <> app list authentication scheme, it would be hard to do just using USEREMAIL() and Show_If for Views and Security Filters for Tables.

One possible way would be to create a common table or set of tables to ALL apps with columns containing USEREMAIL(), Group (or Company) and List of Authorized Apps and add a check for each view.

I’ve seen issues with “show/Hide” on views… it’s like they’re accessible, there’s just no button to click on, so a deep link will still take you to them, even if the view is technically hidden.

And, yes, I’ve got common tables for all the apps…

The best option I’ve come up with is to reduce the “Are updates allowed?” down to read only and then set the security filter to false. And do this for every table… Then they could see all the views, but wouldn’t see any info, and couldn’t add data…

Since I’m using data partitioning, one option I came up with was a set of “empty” tables

If you have the users table already and you know whether they have access to this app or not, you could use a security filter and show a detail info view that they don’t have data access. Not exactly what you are looking for, but at least you can be sure that they don’t have access to data. You could do the same for tables with the option “Are updates allowed?”

Yep, I think that’s my best option right now.
Maybe I can put a show column in the user table, and show that in the detail view.
