stackoom
  简体   繁体   中英

DynamoDB Many to many relation for IAM like service

 原文  2021-08-08 08:46:40       amazon-web-services/ nosql/ amazon-dynamodb/ amazon-dynamodb-data-modeling

Question

So, I was trying to build IAM service like Amazon IAM, but simpler. Company has users, groups, and policies. As you can imagine users, groups, and policies has many-to-many relation between each other. Actions:

  • Policies can be added to groups
  • User can be added to groups or policies

Now the issue is, if User try to login then I have to make 3 request:

  • Get group and policies from user partition
  • Get all policies form group in that list
  • Get all policies

Then I have to do 3 roundtrip for every login. Is there a better way to do this? or design the relations differently.

1 answers

solution1
 0  2021-08-13 15:33:43

I would denormalize this.

The effective policy of the user should be an attribute in the user document.

The effective policy should be recalculated async after the user is added or removed from a group or a policy is attached/detached to/from the user.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question DynamoDB : "Many-to-many" like relationship into a signle table DynamoDB one to many to many relationship AppSync Multiple DynamoDB Storages Many to Many Relationship Many-to-many access pattern in DynamoDb DynamoDB: Avoid duplicating data in many-to-many relationship Data modelling one to many relationship in DynamoDB Dynamic IAM Policy for DynamoDB AWS IAM - Access Denied from Lambda to DynamoDB IAM Policy Cognito Variables for DynamoDB LeadingKeys Restriction Is the connection from EC2 to AWS Service (like dynamodb) happening within the AWS Network, or via public internet?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM