Group and Individual permissions #2974

@Tryanium

JavaScript Framework

Not applicable

Amplify APIs

Storage

Amplify Version

v6

Amplify Categories

No response

Backend

None

Environment information

# Put output below this line
  System:
    OS: macOS 15.6
    CPU: (11) arm64 Apple M3 Pro
    Memory: 181.72 MB / 18.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 18.20.2 - ~/.local/share/mise/installs/node/18.20.2/bin/node
    npm: 10.5.0 - ~/.local/share/mise/installs/node/18.20.2/bin/npm
  Browsers:
    Chrome: 139.0.7258.155
    Safari: 18.6
  npmPackages:
    %name%:  0.1.0 
    @aws-amplify/backend: ^1.14.1 => 1.16.1 
    @aws-amplify/backend-cli: ^1.4.10 => 1.8.0 
    @aws-amplify/seed: ^1.0.1 => 1.0.1 
    @aws-sdk/client-cognito-identity-provider: ^3.865.0 => 3.865.0 
    @types/aws-lambda: ^8.10.152 => 8.10.152 
    @types/node: ^24.3.0 => 24.3.0 
    aws-amplify: ^6.13.0 => 6.15.5 
    aws-amplify/adapter-core:  undefined ()
    aws-amplify/adapter-core/internals:  undefined ()
    aws-amplify/analytics:  undefined ()
    aws-amplify/analytics/kinesis:  undefined ()
    aws-amplify/analytics/kinesis-firehose:  undefined ()
    aws-amplify/analytics/personalize:  undefined ()
    aws-amplify/analytics/pinpoint:  undefined ()
    aws-amplify/api:  undefined ()
    aws-amplify/api/internals:  undefined ()
    aws-amplify/api/server:  undefined ()
    aws-amplify/auth:  undefined ()
    aws-amplify/auth/cognito:  undefined ()
    aws-amplify/auth/cognito/server:  undefined ()
    aws-amplify/auth/enable-oauth-listener:  undefined ()
    aws-amplify/auth/server:  undefined ()
    aws-amplify/data:  undefined ()
    aws-amplify/data/server:  undefined ()
    aws-amplify/datastore:  undefined ()
    aws-amplify/in-app-messaging:  undefined ()
    aws-amplify/in-app-messaging/pinpoint:  undefined ()
    aws-amplify/push-notifications:  undefined ()
    aws-amplify/push-notifications/pinpoint:  undefined ()
    aws-amplify/storage:  undefined ()
    aws-amplify/storage/s3:  undefined ()
    aws-amplify/storage/s3/server:  undefined ()
    aws-amplify/storage/server:  undefined ()
    aws-amplify/utils:  undefined ()
    aws-cdk: ^2.211.0 => 2.1025.0 
    aws-cdk-lib: ^2.211.0 => 2.211.0 
    constructs: ^10.4.2 => 10.4.2 
    esbuild: ^0.25.0 => 0.25.9 
    tsx: ^4.19.2 => 4.20.4 (4.19.4)
    typescript: ^5.7.3 => 5.9.2 (4.4.4, 4.9.5)
  npmGlobalPackages:
    corepack: 0.25.2
    npm: 10.5.0

Describe the bug

Hi team! Quick question: I'm under the impression that I cannot mix user permission and group permission?
Like if a user does not belong to a group

'files/{entity_id}/*': [
  allow.entity('identity').to(['read', 'write', 'delete']),
]

is working!
but if my user belongs to a group it stops working.

Expected behavior

I would expect the duality of the permissions to work.

Both with groups and with individual should work together!

Reproduction steps

Deploy a storage with identity
Create a trigger where a new user is created to add them to a group

Code Snippet

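import { defineStorage } from '@aws-amplify/backend';

// Storage bucket with a per-user prefix keyed by {entity_id}
export const CharacterStorage = defineStorage({
  name: 'characterspicturescinemaapp',
  access: (allow) => ({
    'characters-pictures/{entity_id}/*': [
      // The owning identity gets full access under its own prefix
      allow.entity('identity').to(['read', 'write', 'delete'])
    ]
  })
});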


Labels: question (Question or confusion about some aspect of the product)
