Disable read rule on only one node in firebase real-time database

Question

I have a firebase real-time database connected to my angular 6 project, the write rule in my database is set to false since I'me using functions to add, edit, delete anything in the database and the rules in the rule's tab is like this

  "rules": {
    ".read": "auth != null",
    ".write": false,
  }
}

So my question is how can I disable the read, only for one node lets name it 'companies', cause I need to give it more security and send read request also using functions for that node only. P.S: I have a lot of nodes beside of 'companies node'

Answer 1

Once a node has been given read access, that can't be revoked by a later rule. From the documentation:

{
  "rules": {
    "foo": {
      ".read": true,
      ".write": false
    }
  }
}

.read and .write rules cascade, so this ruleset grants read access to any data at path /foo/ as well as any deeper paths such as /foo/bar/baz. Note that .read and .write rules shallower in the database override deeper rules, so read access to /foo/bar/baz would still be granted in this example even if a rule at the path /foo/bar/baz evaluated to false.

So, a shallow grant to read access at the root of your database can't be changed later in a deeper node.

You will have to expand your rules to allow access to only the nodes that you want the user to read, and omit the children you want to reject access to.