AWS Amplify API (AppsSync / GrapthQL) Error "Not Authorized to access listXbiis on type Query"

Question

I am building a WebApp With AWS Amplify.
I have the following object as part of my schema.graphql file.

type Xbiis @model @auth(rules: [{ allow: private,
                                  operations: [create, update, delete, read] }])
{
   id:          ID!
   name:        String!
   owner:       User!       @hasOne
   defaultRole: AccessLevel
}

I want to limit access and queries to only users who are logged in.
When I login with my "admin user". That created everything. It works fine. When I login with my second normal user I account I get the error Not Authorized to access listXbiis on type Query.

Originally, Xbiis had a more complicated security model

type Xbiis @model @auth(rules: [{ allow: groups, groups: ["WebAppAdmin"],
                                  operations: [create, update, read, delete] },
                                { allow: public, operations: [read] }])
{

Could it be some semblence of of the old model in the backend still. Even though I ran a push with Xbiis commented out in the schema file?

What is causing the permissions error and how do I fix it?

score 0 · Accepted Answer · answered Jun 23 '23 at 00:23

Looking the AWS troubleshooting guide for unauthorized errors

Changing @auth permissions in the schema.graphql file doesn't change permissions.
The permissions are actually applied in the <project root>/amplify/backend/api/<appName>/resolvers/*.vtl files.

Since I had never added any custom resolvers logic, I just removed the folder. It solved the problem, but the next push, didn't regenerate the folder like I had hoped it would.

AWS Amplify API (AppsSync / GrapthQL) Error "Not Authorized to access listXbiis on type Query"

1 Answers1