Reputation: 1727
Firebase Firestore "Missing or insufficient permissions" despite open security rules
I'm trying to create a document in Firebase Firestore. I have manually added documents to it in the Web UI, but am unable to do it programmatically.
The following is a single HTML file, containing all the code, which is directly taken from the docs:
<!-- The core Firebase JS SDK is always required and must be listed first -->
<script src="https://www.gstatic.com/firebasejs/8.3.1/firebase-app.js"></script>
<script src="https://www.gstatic.com/firebasejs/8.3.1/firebase-firestore.js"></script>
<script>
// Your web app's Firebase configuration
var firebaseConfig = {
apiKey: "<REDACTED>",
authDomain: "<REDACTED>",
projectId: "<REDACTED>",
storageBucket: "<REDACTED>",
messagingSenderId: "<REDACTED>",
appId: "<REDACTED>"
};
// Initialize Firebase
firebase.initializeApp(firebaseConfig);
var db = firebase.firestore();
// example from the docs
db.collection("users").add({
first: "Ada",
last: "Lovelace",
born: 1815
})
.then((docRef) => {
console.log("Document written with ID: ", docRef.id);
})
.catch((error) => {
console.error("Error adding document: ", error);
});
</script>
I have redacted the config object, but it was copied directly from the Firebase config page (furthermore, I know the config is correct because in another app (not pictured), Firebase Auth works just fine).
Upon opening the above HTML page, I get the following error in the console:
Error adding document: FirebaseError: Missing or insufficient permissions.
My Firestore security rules are as follows. They should be completely open to all reads and writes:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write, update, delete, create: if true;
}
}
}
Despite the "Missing or Insufficient Permissions" error, when I go to the "Monitor Rules" tab of the Firestore Rules page, I don't see any stats for the denied requests, as if the rules didn't even get evaluated at all, despite me having ran at least 50 requests over the last 24 hours:
Running simulated Firestore requests in the Firestore Rules Playground succeeds every time as expected, whether the request is "authenticated" or not.
Please advise, I am at a loss for what else to try.
Upvotes: 1
Views: 885
Answers (3)
Reputation: 1273
Following the @Mark Answer via the Google link (https://cloud.google.com/firestore/docs/security/iam#security_rule_dependency_on_iam)
Here's the quick command that solved the above issue(Missing or insufficient permissions).
Goto google cloud and open cloud shell in your browser type the following command:
gcloud projects add-iam-policy-binding YOUR_PROJECT_ID
--member=serviceAccount:service-YOUR_PROJECT_NUMBER@firebase-rules.iam.gserviceaccount.com
--role=roles/firebaserules.system
Tip:
For the ProjectID and ProjectNumber getting thing
If you're using the Firebase CLI for the above one and have already set up the project locally, then just type in the terminal
firebase projects:list
Then you can simply see there's your Firebase project list along with the above details use the one you're experiencing issue.
Upvotes: 1
Reputation: 21
I spoke with Google support and found you need the
firebaserules.system IAM role. Here is what I received:
Thank you for contacting Google Cloud Support. My name is Sakshi and I will be helping you with this issue.
I understand that you are getting the error [1] on the existing Google project and want to debug this error without creating a new project. Please correct me if I have misunderstood the issue.
Please note that the service account or user account you are using to authenticate Firebase project need to have ‘firebaserules.system’ role, If you don’t have this role your security rules will deny all the incoming requests. I will suggest you refer to the document [2] to know more about this in detail.
If your application is using the server client libraries or the REST or RPC APIs, please note that they bypass all Cloud Firestore security rules and instead authenticate through Google Application default credentials. Please follow this document [3] to know about Firebase security rules.
I hope the provided information is useful. Please let me know if you have any questions regarding this issue.
Regards, Sakshi Google Cloud Support
[1] Firebase Firestore "Missing or insufficient permissions" [2] https://cloud.google.com/firestore/docs/security/iam#security_rule_dependency_on_iam [3] https://firebase.google.com/docs/firestore/security/get-started
Upvotes: 1
Reputation: 1727
I have sidestepped solving this issue by simply creating a new project. I still don't know what was wrong. Please see the comments below my question for possible solutions.
Upvotes: 1
Related Questions
- Firestore rules query FirebaseError: [code=permission-denied]: Missing or insufficient permissions
- Error with Firestore security rules: FirebaseError: Missing or insufficient permissions
- Firebase insufficient permissions - what am I doing wrong?
- Cloud Firestore security rules not working
- Firebase Firestore security rules seem not applied at all
- Firebase security rules insufficient permissions
- Missing or Insufficient permissions on Firestore Security Rule with get()
- Firestore no permissions to execute operation
- Firestore returns insufficient permissions, even tough it shouldn't
- Firestore security rules - permission denied