Reputation: 10023
Can server-side access to Google Cloud Firestore be restricted for a service account to specific collections?
According to my perusal of the Firestore documentation, it appears that granular permissions are only available for mobile/web clients, not for server-side clients (e.g. python google cloud libraries).
https://firebase.google.com/docs/firestore/security/overview
Is this correct, or am I missing something? If this is the case, are there any plans in place to allow restricting specific service accounts to specific collections within Firestore (similar to how permission to specific PubSub and Storage objects can be granted to specific SAs), without requiring an all-or-nothing project-wide permission model?
Upvotes: 1
Views: 137
Answers (1)
Reputation: 317382
Cloud Firestore doesn't have any per-service-account granular permissions. Either the entire database is accessible, or it is not at all.
If you have questions about the future of Cloud Firestore, Stack Overflow is not the right place to ask. Post those questions to the official Cloud Firestore Google group.
Upvotes: 1
Related Questions
- Is it possible to restrict firebase firestore access to only service accounts and API keys using cloud firestore rules?
- Allow access to customer data if user is part of privileged collection
- Allow google cloud compute to access firestore
- Restricting Cloud Firestore to a specific domain
- Prevent users to read an entire collection in Firestore?
- Restrict Firestore access to authenticated users
- user access and data control to cloud firestore when calls to firestore are made server side
- Restricting access to Firebase Firestore and Storage
- How can I restrict access to collections when using Firestore's REST API
- Firestore Security Rule allowing unauthenticated access only to one collection