Jnguyen22
Reputation: 1157
Is it possible to make a condition in Firestore security rules based on information from the request's ServiceAccountKey.json file?
I want my database to be able to be read by anything and to be written only by my python script. In my python script is my ServiceAccountKey.json file. It looks like this (I took all of my information out):
{
"type": "service_account",
"project_id":
"private_key_id":
"private_key":
"client_email":
"client_id": "
"auth_uri":
"token_uri":
"auth_provider_x509_cert_url":
"client_x509_cert_url":
}
Can anything here be a part of a condition in my security rules?
Upvotes: 1
Views: 72
Answers (1)
Doug Stevenson
Reputation: 317392
No. All access to Firestore (and Realtime Database, and Cloud Storage) from a backend/desktop source that's initialized from a service account will always bypass security rules completely.
Security rules only apply to web and mobile clients who are using Firebase Authentication, or no auth at all.
Upvotes: 2
Related Questions
- Is it possible to restrict firebase firestore access to only service accounts and API keys using cloud firestore rules?
- Firebase Firestore Securitty Rule based on Attribute Value
- Firestore security rules - allow if user status is verified
- Is it possible to create firestore rules based on specific fields?
- Firestore security rules for specific document
- Firestore security rules based on map values
- How to write security rules for firebase firestore when request data and in case where we have not used firebase authentication?
- Cloud Firestore: setting security rule based on authentication
- Firestore security rules based on request query value
- Firestore - How to setup security rule without Auth, but based on Android client/request data