firestore.rules
36 files
These rules control access to your Firestore database and enforce data security.
| Concept | Description |
|---|---|
| Security Rules | Define who can read/write data |
| Server-Side | Run on Google's servers (can't be bypassed) |
| Automatic | Applied to every request automatically |
| Testable | Test with Firestore Rules Playground |
match /path/to/document {
allow operation: if condition;
}
| Operation | Description | Includes |
|---|---|---|
| read | Read operations | get, list |
| write | Write operations | create, update, delete |
| get | Read single document | - |
| list | Query multiple documents | - |
| create | Create new document | - |
| update | Modify existing document | - |
| delete | Remove document | - |
| Variable | Description | Example |
|---|---|---|
request.auth | Current user info (null if not authenticated) | request.auth.uid |
request.resource | New data being written | request.resource.data.title |
resource | Existing data in database | resource.data.userId |
request.time | Current timestamp | request.time |
firebase deploy --only firestore:rulesSpecifies which version of Firebase Security Rules to use.
Rules version 2 is the current standard. It provides:
rules_version = '2';Version 1 is deprecated and shouldn't be used for new projects.
Declares rules for the Cloud Firestore service.
service cloud.firestore {
// All Firestore rules go here
}
match /databases/{database}/documents {
// Document path rules go here
}
{database}: Wildcard for database name/documents: Root of document paths