Lance Samaria

Reputation: 19592

Firebase security rules for admin read only even though they're set to false

I have a node inside my app that users can write to but they can't read from.

let specialNodeRef = dbRef.child("specialNode").childByAutoId()
specialNodeRef.updateChildValues(dict)

Is there a way I can set the rules so that only admin can read from that node even though the rules are set to false outside of using the console?

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth.uid == $uid",
        ".write": "auth.uid == $uid"
      }
    },
    "specialNode": {
      ".read": false, // users can't read but admin can
      ".write": "auth.uid != null"
    }
  }
}

Upvotes: 1

Views: 1363

Answers (1)

Frank van Puffelen

Reputation: 599001

Users running the Firebase Admin SDK, or accessing the database through the Firebase console, access the database with administrative privileges. They can always read/write, so are not affected by the ".read": false.

If you want to declare one/some of the users of your application as having specific privileges, you can include their Firebase Authentication UID in the rules:

".read": "auth.uid == 'uidOfLance'"

A bit more flexible is to store the UID of each such user in the database in a form like:

"admins": {
  "uidOfLance": true,
  "uidOfPuf": true
}

You can then check for the UID in your security rules:

".read": "root.child('admins').child(auth.uid).exists()"

Upvotes: 4
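A complete rules file combining the question's rules with the `admins` lookup from the answer, as an added example that is not part of the original question or answer. The explicit lock on `admins` and the per-entry create-only write rule (`$entryId`) are hardening assumptions added here; the UIDs in `admins` would be set from the console or the Admin SDK, which bypass these rules.

```json
{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth.uid == $uid",
        ".write": "auth.uid == $uid"
      }
    },
    "admins": {
      // Closed to every client. If clients could write here, any signed-in
      // user could add their own UID and gain read access to specialNode.
      // Rule expressions can still read this node through root.child(...).
      ".read": false,
      ".write": false
    },
    "specialNode": {
      // Readable only by signed-in users whose UID is listed under /admins.
      ".read": "auth != null && root.child('admins').child(auth.uid).exists()",
      "$entryId": {
        // Assumption: entries are created with childByAutoId(), so each write
        // lands on its own child. Signed-in users may create an entry but
        // cannot overwrite or delete one that already exists.
        ".write": "auth != null && !data.exists()"
      }
    }
  }
}
```

Because `.read` and `.write` grants cascade downward, keeping the write rule on `$entryId` rather than on `specialNode` itself is what prevents a client from replacing or deleting the whole node.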
