From e2effd477bdd5ca3313504bdc2451f8fab355a37 Mon Sep 17 00:00:00 2001 From: Harshita Daddala Date: Wed, 18 Sep 2024 10:23:00 -0400 Subject: [PATCH 1/2] improve callout for group access in storage --- .../storage/authorization/index.mdx | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/src/pages/[platform]/build-a-backend/storage/authorization/index.mdx b/src/pages/[platform]/build-a-backend/storage/authorization/index.mdx index f9001d4e7be..cbd9c209c4a 100644 --- a/src/pages/[platform]/build-a-backend/storage/authorization/index.mdx +++ b/src/pages/[platform]/build-a-backend/storage/authorization/index.mdx @@ -36,6 +36,8 @@ Refer to the following examples to understand how you can further customize auth ## Access Types +Authentication is required to continue using Amplify Storage, please make sure you set it up if you haven't already - [documentation to set up Auth](/[platform]/build-a-backend/auth/set-up-auth/). + **Note:** Paths in access definitions cannot have a '/' at the beginning of the string. @@ -44,15 +46,10 @@ By default, all paths are denied to all types of users unless explicitly granted -Authentication is required to continue using Amplify Storage, please make sure you set it up if you haven't already - [documentation to set up Auth](/[platform]/build-a-backend/auth/set-up-auth/). - -{/* it's not actually files that are like /media/*hey right? so instead it should be all files that are under the media/ */} To grant all guest (i.e. not signed in) users of your application read access to files under `media/`, use the following `access` values. -{/* I would flip this guide to have the conceptual first so you don't need explanations like the ones in the comments */} - ```ts title="amplify/storage/resource.ts" export const storage = defineStorage({ name: 'myProjectFiles', @@ -66,6 +63,14 @@ export const storage = defineStorage({ + + +**Note:** When a user is part of a group, they are assigned the group role, which means permissions defined for the authenticated role will not apply for this user. + +To grant access to users within a group, you must explicitly define access permissions for the group against the desired prefix. + + + To grant all authenticated (i.e. signed in) users of your application read access to files under `media/`, use the following `access` configuration. ```ts title="amplify/storage/resource.ts" @@ -78,13 +83,14 @@ export const storage = defineStorage({ }) }); ``` - -**Note:** When a user is part of a group that has access rules defined in the `amplify/storage/resource.ts` file, those group-specific access rules will take priority over any general access rules set for authenticated users. +**Note:** When a user is part of a group, they are assigned the group role, which means permissions defined for the authenticated role will not apply for this user. + +To grant access to users within a group, you must explicitly define access permissions for the group against the desired prefix. From 2cdd96e663b7e7c8efde21ca56400178e37b6954 Mon Sep 17 00:00:00 2001 From: ashika112 <155593080+ashika112@users.noreply.github.com> Date: Thu, 19 Sep 2024 11:13:07 -0700 Subject: [PATCH 2/2] Update table header to fix test --- .../[platform]/build-a-backend/storage/authorization/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/[platform]/build-a-backend/storage/authorization/index.mdx b/src/pages/[platform]/build-a-backend/storage/authorization/index.mdx index cbd9c209c4a..16efd6a6e16 100644 --- a/src/pages/[platform]/build-a-backend/storage/authorization/index.mdx +++ b/src/pages/[platform]/build-a-backend/storage/authorization/index.mdx @@ -233,7 +233,7 @@ export const storage = defineStorage({ The access control matrix for this configuration is -| | media/\* | media/profile-pictures/\* | media/albums/\* | other/\* | +| Path | media/\* | media/profile-pictures/\* | media/albums/\* | other/\* | | --- | --- | --- | --- | --- | | **Authenticated Users** | read, write, delete | NONE | read | read, write | | **Guest users** | NONE | read | NONE | read |