From 917745005d33e1c931a03cfd7c1a6291f3970159 Mon Sep 17 00:00:00 2001 From: Chris Bonifacio Date: Thu, 7 Dec 2023 18:52:53 -0500 Subject: [PATCH] uncomment field level auth callout and --- .../graphqlapi/connect-api-to-existing-database/index.mdx | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/pages/[platform]/build-a-backend/graphqlapi/connect-api-to-existing-database/index.mdx b/src/pages/[platform]/build-a-backend/graphqlapi/connect-api-to-existing-database/index.mdx index d432d141fbc..d68b144fa75 100644 --- a/src/pages/[platform]/build-a-backend/graphqlapi/connect-api-to-existing-database/index.mdx +++ b/src/pages/[platform]/build-a-backend/graphqlapi/connect-api-to-existing-database/index.mdx @@ -400,9 +400,9 @@ type Mutation { The `@auth` directive can be used to restrict access to data and operations by specifying authorization rules. It allows granular access control over the GraphQL API based on the user's identity and attributes. You can for example, limit a query or mutation to only logged-in users via an `@auth(rules: [{ allow: private }])` rule or limit access to only users of the "Admin" group via an `@auth(rules: [{ allow: groups, groups: ["Admin"] }])` rule. -{/* All model-level authorization rules are supported for Amplify GraphQL schemas generated from MySQL and PostgreSQL databases. +All model-level authorization rules are supported for Amplify GraphQL schemas generated from MySQL and PostgreSQL databases. -**Known limitation:** Field level auth rules are not supported. +**Limitation:** Field level auth rules are not supported. In the example below, public users authorized via API Key are granted unrestricted access to all posts. @@ -413,9 +413,7 @@ type Blog @model @refersTo(name: "blogs") @auth(rules: [{ allow: public }]) { id: String! @primaryKey title: String! } -``` */} - -{/* In a real world scenario, you can instead define auth rules that only allow public users to read posts, and authenticated users the ability to update or delete their posts. */} +``` For more information on each rule please refer to our documentation on [Authorization rules](/[platform]/build-a-backend/graphqlapi/customize-authorization-rules/).