Database Reference
In-Depth Information
The second condition allows users to return only specific attributes if he or she uses the
Select
statement. It also provides information on what needs to return in the case of an
Update
statement.
Allowing a query on only specific projected attributes in index
In this document, we will try to create a policy statement that would allow users to see
only specific attributes projected in a secondary index. Here, we would use a secondary
index called
PayScaleIndex
for our purpose, which is part of the
Employee
table:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["dynamodb:Query"],
"Resource":
["arn:aws:dynamodb:us-west-2:235338895076:table/Employee/
index/PayScaleIndex"],
"Condition": {
"ForAllValues:StringEquals": {
"dynamodb:Attributes": [
"salary" , "grade", "bonus"
]
},
"StringEquals": {"dynamodb:Select":
"SPECIFIC_ATTRIBUTES"}
}
}
]
}
Similarly, you can create your own policy documents to fit your needs and apply the same
on users.
