Reputation: 5694
My current Android Application makes use of the Firebase Realtime Database.
I am struggling with the security rules, as I wish to allow only a single user to write data while allowing any authenticated user to read data.
I have set these rules but am unsure if they are secure enough...
{
  "rules": {
    ".read": "auth != null",
    ".write": "auth.uid === 'xxxxxxxxxxxxxxxxxxxxxxx'"
  }
}
Where 'xxxxxxxxxxxxxxxxxxxxxxx' is the specified user I wish to allow to write data.
Is a user's UID a constant value?
What does the "Authenticate" option manage when clicking on the Simulate button when testing out new rules?
Upvotes: 0
Views: 1364
Reputation: 598728
Once a user's UID is generated, it will never change. So checking the UID in the security rules is indeed a common way to ensure only that specific user has a certain permission. I do this on almost every project when getting started for the initial (admin-type) users.
Upvotes: 5
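An added example, not part of the original question or answer: one way to extend the UID check from a single hard-coded value to a list of admin UIDs kept in the database itself. The node names `admins` and `content` and the value `ADMIN_UID_PLACEHOLDER` are assumptions made for illustration.

```json
{
  "rules": {
    // Any signed-in user may read; this grant applies to every child path.
    ".read": "auth != null",

    // Constructed sample data this rule set expects (assumed layout):
    //   /admins/ADMIN_UID_PLACEHOLDER = true
    // No ".write" is granted here or at the root, so client SDKs cannot
    // edit the admin list; it is maintained from the Firebase console or
    // a server using the Admin SDK, both of which bypass these rules.
    "admins": {
      ".validate": "newData.hasChildren() || !newData.exists()"
    },

    // Hypothetical node holding the application's data.
    "content": {
      // The explicit null check makes the unauthenticated case evaluate
      // to false before auth.uid is ever read. A UID is writable only if
      // it is listed under /admins with the value true.
      ".write": "auth != null && root.child('admins').child(auth.uid).val() === true"
    }
  }
}
```

The write grant sits on `content` rather than on the root because a grant at a parent path cannot be revoked by a rule on a child path. The rules simulator can then be used to check three cases against `/content`: unauthenticated, authenticated with an unlisted UID, and authenticated with a listed UID.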