0
0
DynamoDBquery~30 mins

Fine-grained access control in DynamoDB - Mini Project: Build & Apply

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Fine-grained Access Control with DynamoDB
📖 Scenario: You are building a simple employee database for a company. Each employee record contains sensitive information like salary and department. You want to control who can see the salary based on their role.
🎯 Goal: Create a DynamoDB table with employee data, add a role-based access control configuration, write a query that only returns salary if the user role is 'manager', and finalize the policy to enforce this fine-grained access control.
📋 What You'll Learn
Create a DynamoDB table called Employees with EmployeeID as the primary key and attributes Name, Department, and Salary.
Add a variable called user_role to represent the current user's role.
Write a query that retrieves EmployeeID, Name, and Department for all employees, and includes Salary only if user_role is 'manager'.
Add a condition expression or policy statement that enforces this fine-grained access control.
💡 Why This Matters
🌍 Real World
Companies often need to protect sensitive employee data and allow only authorized roles to see certain information like salaries.
💼 Career
Understanding fine-grained access control is essential for database administrators and backend developers to secure data properly.
Progress0 / 4 steps
1
Create the Employees table with sample data
Create a DynamoDB table called Employees with EmployeeID as the primary key. Add three items with these exact values: {'EmployeeID': 'E001', 'Name': 'Alice', 'Department': 'HR', 'Salary': 70000}, {'EmployeeID': 'E002', 'Name': 'Bob', 'Department': 'IT', 'Salary': 85000}, and {'EmployeeID': 'E003', 'Name': 'Charlie', 'Department': 'Finance', 'Salary': 90000}.
DynamoDB
Need a hint?

Use a list of dictionaries to represent the table and its items.

2
Add user role variable
Add a variable called user_role and set it to the string 'employee' to represent the current user's role.
DynamoDB
Need a hint?

Just create a string variable named user_role with the value 'employee'.

3
Write query with conditional salary access
Write a list comprehension called visible_data that goes through each employee in Employees and creates a new dictionary with keys 'EmployeeID', 'Name', and 'Department'. Add the 'Salary' key only if user_role is 'manager'.
DynamoDB
Need a hint?

Use a dictionary unpacking inside a list comprehension with a condition on user_role.

4
Add fine-grained access control policy
Add a variable called access_policy that is a dictionary with a key Condition. Set Condition to a dictionary with key StringEquals mapping to another dictionary with key user:role and value 'manager'. This simulates a policy that allows salary access only if the user role is 'manager'.
DynamoDB
Need a hint?

Use nested dictionaries to represent the policy condition.