Client doesn't have permission to access the desired data in Firebase

Question

I have a page that is calling addCheckin() method which is inside a controller. In the controller, I am trying to create a reference as follows:

var ref = firebase.database().ref("users/" + $scope.whichuser + "/meetings/" +$scope.whichmeeting + "/checkins");

$scope.whichuser and $scope.whichmeeting are the $routeParams that I am passing from another route. Here's my checkin controller-

myApp.controller("CheckinsController",
    ['$scope','$rootScope','$firebaseArray','$routeParams','$firebaseObject',
    function($scope,$rootScope,$firebaseArray,$routeParams,$firebaseObject){

        $scope.whichuser = $routeParams.uid;
        $scope.whichmeeting = $routeParams.mid;

        var ref = firebase.database().ref("users/" + $scope.whichuser + "/meetings/" +$scope.whichmeeting + "/checkins");

        $scope.addCheckin = function(){
            var checkinInfo = $firebaseArray(ref);
            var data={
                firstname:$scope.firstname,
                lastname:$scope.lastname,
                email:$scope.email,
                date:firebase.database.ServerValue.TIMESTAMP
            }

            checkinInfo.$add(data);
        }

}]);/*controller*/

There are two errors that I am getting here-

Error 1:

Error: permission_denied at /users/Vp2P1MqKm7ckXqV2Uy3OzTnn6bB3/meetings: Client doesn't have permission to access the desired data.

Error 2:

Error: permission_denied at /users/Vp2P1MqKm7ckXqV2Uy3OzTnn6bB3/meetings/-KT5tqMYKXsFssmcRLm6/checkins: Client doesn't have permission to access the desired data.

And this is what I am tring to achieve-

Answer 1

It seems like the issue is with the read/write permissions.

1. Go to Firebase console of your app

2. Select Database From Side Menu --> Select Rule From tabs above

3. Update your rules.

Here is an example of rules that allows everyone to edit the data:

    {
        "rules": {    
            ".read": true,
            ".write": true
        }
    }

Warning: use the rules above carefully, as they allow everyone to read/write everything in your real time database. See Firebase documentation for more information.

Answer 2

rules: {".read": "auth != null", ".write": "auth != null"}

Answer 3

In My case it was just firebase options not configured in flutter so I just hand to do flutterfire configure

if you do not have flutterfire cli already setup set that up from here

Answer 4

You can also specify the time, till that you wanna allow like this:

Select Database From Side Menu --> Select Rule From tabs above --> Update your rule like this

{
  "rules": {
    ".read": "now < 1672384350000",  // 2022-12-30
    ".write": "now < 1672384350000",  // 2022-12-30
  }
}

Answer 5

If someone still get the Error: permission_denied after allowing correct read rights and are fetching data with some kind of firebase npm package; it could be because you're trying to read from Realtime Database instead of the Cloud Firestore.

I was using react-redux-firebase npm package for a quick and easy setup. By default it uses the Realtime Database. If you're using Cloud Firestore you need to state that in the config with useFirestoreForProfile set to true.

import { ReactReduxFirebaseProvider } from 'react-redux-firebase';

const store = configureStore();
const rrfProps = {
  firebase,
  config: { 
    userProfile: 'users', 
    useFirestoreForProfile: true  // Firestore for Profile instead of Realtime DB
  },
  dispatch: store.dispatch,
  createFirestoreInstance,
};

Probably similar issues with other packages for firebase, like flamelink that support Realtime Database but not Cloud Firestore as stated in this issue.

Answer 6

None of these answers provide the most secure way to set up the Realtime Database.

• You don't want anyone to randomly access or write to your database
• Even if the user is authenticated, you don't want them to access other's data

This rule should address all the cases:

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}

Answer 7

Please register your self in firebase by using the below code

Firebase.auth()
            .createUserWithEmailAndPassword(email, password)
            .then((data) => console.log(data))
            .catch(error => console.log(error))

and authenticate your self using registered email and password by below code

Firebase.auth()
           .signInWithEmailAndPassword(email, password)
           .then((data) => console.log(data))
           .catch(error => console.log(error))

With the below rules in your real time database

{
   "rules": {
    ".read": "auth != null",
    ".write": "auth != null"    
    }
}

Then automatically you will be able to access the data from the real time database

var ref = firebase.database().ref("users");
ref.on("value", function(snapshot) {
 snapshot.forEach(function(childSnapshot) {
  var childData = childSnapshot.val();
  var id=childData.id;
  console.log(childData);
 });
});

While logging out add the below command to logout of the app

Firebase.auth().signOut()

Answer 8

I hope this can help you.

{
    ".read": true,
    ".write": "auth !== null && root.child('users').child(auth.uid).child('meetings').val() ===  true"
}

You can remove the string && root.child('users').child(auth.uid).child('meetings').val() === true"

and the result is the same.

Answer 9

In order to grant access to all authenticated users, go to database rules tab in firebase web console and copy/paste following rules:

{
   "rules": {
    ".read": "auth != null",
    ".write": "auth != null"    
    }
}

Answer 10

As all provided answers include a security issue where everyone could write / delete entries in your database, which for instance could cause extensive costs and or complete loss of data, when used in a bad way.

Of course you need to use firebase authentication features to use those rules, but preventing write access for anonymous should be default. The following rule provides read access to everyone while keeping security.

{
    "rules": {
        ".read": true,
        ".write": "auth.uid != null"
    }
}

Answer 11

Firebase project by default starts with Firestore as database.

This issue can happen if the application uses "Firebase Realtime Database" and permission for it are not configured. Read and write permission for Firebase Realtime Database should be explicitly granted.

To do so, in Firebase console, Database > Pick "Realtime Database" instead of "Firestore Beta" from the dropdown beside Database > Rules > Set

{
/* Visit https://firebase.google.com/docs/database/security to learn more about security rules. */
"rules": {
".read": true,
".write": true
}
}

Hope that help!

Answer 12

It appears that the /users/{uid} routes can be written to but they can not be read from. I changed /users to /userx and it immediately began working.