
Condition keys for row-level security in DynamoDB - Practice Problems & Coding Challenges

Challenge - 5 Problems
query_result
intermediate
Identify the correct condition key for user identity in DynamoDB row-level security
Which condition key is used in DynamoDB to restrict access to items based on the user's identity in a row-level security policy?
A. dynamodb:PrincipalId
B. dynamodb:Attributes
C. dynamodb:LeadingKeys
D. dynamodb:UserId
💡 Hint
Think about the key that controls access based on partition key values.
🧠 Conceptual
intermediate
Purpose of dynamodb:Attributes condition key
What is the main purpose of the dynamodb:Attributes condition key in DynamoDB's row-level security?
A. To specify the table name in the policy
B. To restrict access based on the partition key values
C. To identify the user making the request
D. To restrict access based on the attributes being accessed or modified
💡 Hint
Think about controlling access to specific columns or fields.
📝 Syntax
advanced
Identify the valid condition expression for row-level security using dynamodb:LeadingKeys
Which of the following IAM policy condition expressions correctly restricts access to items where the partition key matches the user's ID stored in the request context?
Condition:
  StringEquals:
    ???
A. "dynamodb:LeadingKeys": ["${aws:userid}"]
B. "dynamodb:LeadingKeys": "${aws:userid}"
C. "dynamodb:LeadingKeys": "aws:userid"
D. "dynamodb:LeadingKeys": ["aws:userid"]
💡 Hint
The value for dynamodb:LeadingKeys must be a list of strings with variable substitution.
🔧 Debug
advanced
Why does this row-level security condition fail to restrict access?
Given this IAM policy snippet for DynamoDB row-level security:
"Condition": {
  "StringEquals": {
    "dynamodb:LeadingKeys": "${aws:userid}"
  }
}
Why does this condition fail to restrict access as intended?
A. Because dynamodb:LeadingKeys requires a list, not a single string
B. Because StringEquals cannot be used with dynamodb:LeadingKeys
C. Because aws:userid is not a valid variable for condition keys
D. Because the condition key should be dynamodb:Attributes instead
💡 Hint
Check the expected data type for dynamodb:LeadingKeys in conditions.
optimization
expert
Optimize a row-level security policy to minimize policy size and improve performance
You have a DynamoDB table with a partition key 'UserId' and many attributes. You want to restrict users to only access their own items and only read specific attributes. Which approach optimizes the IAM policy for row-level security?
A. Use dynamodb:Attributes only to restrict attributes and rely on table-level permissions for item access
B. Use dynamodb:LeadingKeys with the user's ID and dynamodb:Attributes with a list of allowed attributes in the condition
C. Use multiple policies per user, each specifying allowed partition keys and attributes explicitly
D. Use a single policy with no conditions and filter data in the application code
💡 Hint
Think about combining partition key restrictions with attribute-level restrictions in one policy.