Reputation: 646
Firebase security rules to an specific field
I'm starting to use Cloud Firestore and I have a question about the security rules. I need to know if I can set write permissions to a specific field. For example I have a collection named "tickets" and each document is:
ticket\
id: "firebaseIdklnalskdla",
status: "in_progress"
creation_date: "28/08/2018"
I need to specify "write" permissions only to the "status" field. Is that possible?
Upvotes: 2
Views: 2318
Answers (2)
Reputation: 2906
Firebase team come up with a very interesting explanatory video where they talk about this case: https://youtu.be/8Mzb9zmnbJs?t=1313 After document creation you can setup restrictions on which fields can actually be altered.
Upvotes: 1
Reputation: 76799
the security rules might look about like this (not tested):
service cloud.firestore {
match /databases/{database}/documents {
// here one can limit per user and other conditions, not per field.
match /tickets/{ticket} {
allow update: if get(/databases/$(database)/documents/users/$(request.auth.uid)).data.admin == true;
}
}
Structuring Cloud Firestore Security Rules explains it and
meanwhile there also is a Firestore Security Rules Simulator.
Upvotes: 0
Related Questions
- Firestore security rules | enforcing field VALUES
- security rules to allow update of specific fields
- Firestore per-field security rule
- Rules on specific fields on Firebase
- Is it possible to create firestore rules based on specific fields?
- Firestore rules - securing data by field
- Per field rules in Firestore Security Rules
- Specific Firebase Rules
- Firestore security rules, restricting child/field
- Firebase Firestore Security Rules: Allow subset of fields