Reputation: 325
How to restrict read access by admins on firebase firestore database?
I am currently using Cloud Firestore for my iOS app, which allows users to store their expenses to the database, but in order to secure privacy, is there any way I can make sure that I can't read the data that they are inputing into the database. While the queries and all still work, I or any admin isn't able to see what users have put into their database?
Upvotes: 4
Views: 1306
Answers (2)
Reputation: 612
As @Frank van Puffelen suggested:
Obfuscating the data through encryption, will prevent any unwanted eyes from viewing any information. This will add to your workload since you will need to perform the encryption and decryption at either end of the app (client and server).
I believe, you could take advantage of firebase's cloud code, to minimise the amount of code execution performed on the device, but I have never tried this, so am unable to confirm.
As far as an encryption key, you have a few options:
- The user's password: This is one way of ensuring the encryption without revealing the key to any admin, since passwords in firebase are already obfuscated from any viewer. The only issue would be that a user would be locked into a password, as changing it would prevent decryption.
- Store locally: You could store the key locally on the device, which would mean that the user could enter a key, or have one auto-generate, upon launching the app for the first time. You would then store this in the app's
default keystorage, and retrieve when required. Whilst, I believe this to be the safest, it means that your app could not be used across iCloud devices, since the key would be stored locally. - Finally, is
CloudKit, which allows you to store data in the cloud. This is private, and only accessible to the user's cloud devices.
I realise that there is no code in this example, I am not currently at my desk, for which I am sorry for, if anyone else would like to edit with some code examples, I would be grateful.
I hope this helps.
Upvotes: 2
Reputation: 317362
No such feature exists. Admin access through the console and the Admin SDK is able to read all collections and documents all the time.
Upvotes: 3
Related Questions
- How can give access to read but not write in firebase firestore settting rules
- Can I restrict certain fields in firestore database to be only fetched by firebase admin?
- Firestore rules to restrict users to read/write only their data
- How do I define admin permissions in Firebase Firestore?
- How do you allow only admins to read certain fields in a document in Cloud Firestore?
- Firebase (Firestore) security rules, limit access to object for specific users
- Restrict Firestore access to authenticated users
- Restricting access to Firebase Firestore and Storage
- How to restrict users from reading data from Firestore documents?
- How to restrict read only to Authorized users of Firebase Database?