Reputation: 748
How to only allow a specific user to create new users in Firebase?
There are a lot of posts and discussions about restricting read/write access to specific users in the Firebase real-time database. However, I am not able to find a way to restrict the creation of new users to only a specific user/admin.
My application consists of a manager and employees. Only the manager should be able to add new users (employees) to the database along with having access to specific data which employees cannot access. From my understanding, the API which Firebase provides means that any client can create new users.
Could someone please guide me on how I can achieve this?
Upvotes: 1
Views: 2872
Answers (1)
Reputation: 83103
You can do as follows:
Firstly, create an admins node in your database to which you add the admin/manager user(s) with their userId, as follows:
- admins
- Br8kiG5....
- users
- Abcd88676....
- ....
- JHgU76hgh....
- ....
Secondly, set-up some security rules as follows,
{
"rules": {
"users": {
".write": "auth != null && root.child('admins').hasChild(auth.uid)",
".read": .....
".indexOn": .....
},
.....
}
}
Thirdly, implement the Firebase authentication in your app and only the user(s) listed under the admins database node will be able to write under the users node.
Upvotes: 3
Related Questions
- Firebase authentication limit login by the same user
- Allow only valid firebase user to access my Nodejs API
- Restrict Firebase users by email
- Is there a way to restrict registrations in firebase
- How to allow a node to be created, updated and deleted by the creator but not by other users in Firebase?
- Firebase Rules: Only let users edit own profile but create new users
- Firebase rules to allow some user access
- Allowing specific user write access
- Firebase add users but disable any modification
- Firebase Simple Login - Prevent New Users