I am trying to develop an application architecture almost exclusively on top of AWS services.
This application has both `User` and `Organization` "entities". As you might expect, a `User` may be an `admin`, `role-x`, or `role-y` of one or more organizations (`role-x` and `role-y` are just placeholders for some role with some set of specific permissions). A `User` can also be standalone (that is, have no role in any `Organization`).
Our current thinking is to use DynamoDB to store organization and user data. For users, this may include some basic information (address, phone number, whatever), and for organizations it may include fields such as "mission statement", "business address", etc.
An `admin` of an organization will be able to edit all fields of the organization, while a `role-x` can update only the "mission statement" while still being able to read all other fields.
Since I mentioned that a single user may have roles in many different organizations, it might look something like this:
    user1:
      organizations:
        123: 'admin'
        456: 'role-x'
        789: 'admin'
It is also worth noting that these role assignments are modifiable: new or existing users may be invited to accept a specific role in the organization, and the organization may remove a user from a role.
IAM Cognito, , DynamoDB S3, - , , .
AWS?
( Identities (, Organization), - " "?)
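To make the per-organization role model in the question concrete, here is an added example (not part of the original post, and not any AWS SDK code). It assumes a single-table DynamoDB layout with one item per (user, organization) membership (`PK = USER#<id>`, `SK = ORG#<id>`, plus a `role` attribute), represented here as plain dicts so it runs offline. The field-level permission matrix is an assumption: the post only specifies `admin` and `role-x`, so `role-y` is modelled as read-only. Every check is deny-by-default: no membership, an unknown role, or an unknown field all yield "not allowed".

```python
import copy

# Constructed sample data modelled on the asker's sketch (user1 holds admin in
# orgs 123 and 789, role-x in 456). The single-table item shape is an assumption.
SAMPLE_MEMBERSHIPS = [
    {"PK": "USER#user1", "SK": "ORG#123", "role": "admin"},
    {"PK": "USER#user1", "SK": "ORG#456", "role": "role-x"},
    {"PK": "USER#user1", "SK": "ORG#789", "role": "admin"},
    {"PK": "USER#user2", "SK": "ORG#456", "role": "role-y"},
]

# The organization attributes that are subject to authorization at all.
ORG_FIELDS = frozenset({"name", "mission_statement", "business_address"})

# Field-level permission matrix per role (role-y is an assumption: read-only).
ROLE_PERMISSIONS = {
    "admin":  {"read": ORG_FIELDS, "update": ORG_FIELDS},
    "role-x": {"read": ORG_FIELDS, "update": frozenset({"mission_statement"})},
    "role-y": {"read": ORG_FIELDS, "update": frozenset()},
}


def sample_memberships():
    """Fresh, independent copy of the constructed membership items."""
    return copy.deepcopy(SAMPLE_MEMBERSHIPS)


def role_of(memberships, user_id, org_id):
    """Return the user's role in the organization, or None if not a member."""
    pk, sk = f"USER#{user_id}", f"ORG#{org_id}"
    for item in memberships:
        if item["PK"] == pk and item["SK"] == sk:
            return item["role"]
    return None


def allowed(memberships, user_id, org_id, action, field_name):
    """Deny-by-default check: membership, known role, and field all required."""
    role = role_of(memberships, user_id, org_id)
    if role is None:
        return False                      # not a member of this organization
    perms = ROLE_PERMISSIONS.get(role)
    if perms is None:
        return False                      # stale or unrecognised role in the table
    return field_name in perms.get(action, frozenset())


def apply_update(memberships, user_id, org_id, changes):
    """Validate every field of a proposed update before any write happens.

    Raises PermissionError listing the denied fields; otherwise returns the
    changes the caller may persist. All-or-nothing avoids partial writes.
    """
    denied = sorted(f for f in changes if not allowed(memberships, user_id, org_id, "update", f))
    if denied:
        raise PermissionError(f"user {user_id} may not update {denied} in org {org_id}")
    return dict(changes)


def assign_role(memberships, user_id, org_id, role):
    """Invite flow: create or replace the membership item with the given role."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role {role!r}")  # never store a role we cannot evaluate
    pk, sk = f"USER#{user_id}", f"ORG#{org_id}"
    for item in memberships:
        if item["PK"] == pk and item["SK"] == sk:
            item["role"] = role
            return
    memberships.append({"PK": pk, "SK": sk, "role": role})


def remove_role(memberships, user_id, org_id):
    """Removal flow: delete the membership item. Returns True if one existed."""
    pk, sk = f"USER#{user_id}", f"ORG#{org_id}"
    for i, item in enumerate(memberships):
        if item["PK"] == pk and item["SK"] == sk:
            del memberships[i]
            return True
    return False


if __name__ == "__main__":
    m = sample_memberships()
    print(allowed(m, "user1", "123", "update", "business_address"))   # admin: True
    print(allowed(m, "user1", "456", "update", "business_address"))   # role-x: False
    print(allowed(m, "user1", "456", "update", "mission_statement"))  # role-x: True
```

Because the authorization decision depends only on the membership item and a static matrix, the same `allowed` check can run in an API handler, a Lambda authorizer, or a service layer in front of DynamoDB; the membership table is the single source of truth that the invite and removal flows mutate.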