SaaS access control using Amazon Verified Permissions with a per-tenant policy store
Security Blog
This article provides a detailed guide on using Amazon Verified Permissions for access control in a multi-tenant SaaS document management application, with a per-tenant policy store approach.
Specifically, the article covers:
- An overview of the application architecture and the rationale for using a per-tenant policy store approach
- How to define and enforce global policies across all tenants
- How to isolate tenants and prevent one tenant from accessing another's resources using IAM policies
- Implementing access controls for various use cases:
  - Adding a new document
  - Sharing a document with another user in the same tenant
  - Accessing a shared document
  - Managing all documents for a tenant (for tenant admins)
- Conclusion and additional resources