Basic examples of using Cloud Firestore Security Rules

Kacper Hreniak
4 min read · Mar 21, 2019

Articles:

  1. Basic examples of using Cloud Firestore Security Rules
  2. Advanced examples of using Cloud Firestore Security Rules

Cloud Firestore Security Rules is a tool for defining access control for your Firestore database. You don’t have to write your own authorization or authentication code for the database. In the Cloud Firestore Security Rules dashboard, you define matches for your collections or subcollections and create conditions for each of them to manage access to Firestore.

1. Lock the Firestore

This snippet blocks all operations in Firestore. Remember that requests from the Admin SDK are still possible.

match /{document=**} {
  allow read, write: if false;
}

  • The wildcard syntax {document=**} matches all collections and subcollections in Firestore.
  • The simple condition false blocks all operations.

2. Unlock the Firestore

This is an example of how to make your Firestore completely open to all requests and all users.

match /{document=**} {
  allow read, write; // or allow read, write: if true;
}

  • The wildcard syntax {document=**} matches all collections and subcollections in Firestore.
  • Firestore doesn’t block any request when the allow statement has no condition.
  • The simple condition true allows all operations.

3. Special security rules for a specific collection

match /{collectionName}/{documentId} {
  allow read, write: if collectionName != "users";
}

  • The wildcard collectionName is used to create a special condition for the users collection.
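
How the match statements in rules 1 to 3 behave when they are evaluated together, as a simplified JavaScript model added here (not Firestore's implementation and not the author's code). The helper names compileMatch and isAllowed, the rule objects and the sample paths are assumptions made for the illustration.

```javascript
// Simplified model (an assumption, not Firestore's implementation) of how
// match patterns are applied to a document path and how rules combine.

// Compile a pattern such as "/{collectionName}/{documentId}" or
// "/{document=**}" into a function returning captured variables, or null.
function compileMatch(pattern) {
  const parts = pattern.split("/").filter(Boolean);
  return function (path) {
    const segs = path.split("/").filter(Boolean);
    const vars = {};
    for (let i = 0; i < parts.length; i++) {
      const rec = /^\{(\w+)=\*\*\}$/.exec(parts[i]);
      if (rec) {
        // Recursive wildcard: captures the rest of the path (last part only).
        if (i !== parts.length - 1 || segs.length <= i) return null;
        vars[rec[1]] = segs.slice(i).join("/");
        return vars;
      }
      if (i >= segs.length) return null;
      const one = /^\{(\w+)\}$/.exec(parts[i]);
      if (one) vars[one[1]] = segs[i];            // single-segment wildcard
      else if (parts[i] !== segs[i]) return null; // literal segment
    }
    // Without a recursive wildcard the depth must match exactly.
    return segs.length === parts.length ? vars : null;
  };
}

// A request is allowed if ANY matching rule's condition is true.
// A path that no rule matches is denied.
function isAllowed(rules, path) {
  return rules.some(({ match, when }) => {
    const vars = compileMatch(match)(path);
    return vars !== null && when(vars);
  });
}

// The article's rules 1 to 3, with conditions written as JS predicates.
const lock = { match: "/{document=**}", when: () => false };
const unlock = { match: "/{document=**}", when: () => true };
const exceptUsers = {
  match: "/{collectionName}/{documentId}",
  when: (v) => v.collectionName !== "users",
};
```

In this model, isAllowed([exceptUsers], "/products/p1/reviews/r1") is false because the two-segment match never applies to a subcollection document, and isAllowed([exceptUsers, unlock], "/users/alice") is true because one allowing rule is enough, so an open rule left in the same rule set cancels the users restriction.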

4. Access for an authenticated user

In Security Rules, you have access to the request object. The request includes authentication information, so you can use it to verify that the requesting user is authenticated.

match /products/{productId} {
allow read: if

Written by Kacper Hreniak

Senior Mobile Software Engineer — Android platform, Clean code, Data Structure and Algorithm, Blockchain

Responses (11)

Why implement a function like isAdmin? You’ll be paying for this read. Better use custom claims.

--

Restricting read access on a per document basis (ex. 6) will prevent queries from running properly unless a user has access to all of them.

--

Hey,
Can you provide the example to write the security rules by validating the anonymous user?

--