Firebase-security Questions

I had a specific user role which is only allowed to update certain fields. this is what my firestore rules look like for this particular

I want to know how we can write firebase realtime database security rules in the way like unauthenticated user can read and write on a specific

My webapp, like 99% of apps, has in db a collection of users. i can access user at /user/ so i setup rule to allow every user to access only its

I would like to give multiple users access to fetch a collection of "messages" they have access to in firebase realtime

Our project was working great, till today at some point after multiple deployments using terminal, i couldn't deploy any more :

I got an upload file functionality in my application and this is working perfectly fine on localhost. however, when will run

I am trying to check if a username already exist in the database. here is the code i have written for that..

We are using in out app google sign in but also have function to "skip authentication" for authenticated user we have the following

I want to update only some fields in the document so i found hasonly function in the documentation

Are these two firestore rules different at all in the number of reads that they spend from my quota? note that iswebadmin() does an

As i understand firebase security rules are for authenticating different types of users and provide authorization based on that, but what if my

I'm trying to secure an app in which users can manage their bands. the users can be part of multiple bands and therefore can have different roles

I am building a nodejs express app and am using firebase as the backend. i am trying to secure my firebase backend, more specifically the

Consider this simple firestore database structure: 1: firestore structure cities/ city1/

I'm having issues reading and writing data from my database on the client (my ios app) using the following database rules: //

I accidentally chose locked mode when creating a firebase firestore database, and i can't find a way to change it or delete the database.

I am writing a small program in react that manages a league of sorts. the problem i have is how do i allow access (read, write) to the

My current firestore rules in my project:

I have checked the documentation but i am not sure how to apply that rule to my specific data structure, please check how my data is organized and

I want to give permission of read and write just to users whom exist in the members group but i don't know why it doesn't work ? this is

I'm trying my best to set up a functionality in my application that will allow people who know a group's login and password to join it.

I am trying to make some security rules to allow authenticated users to access (read / write) chats path based on some conditions for

I want unlogged users of my reactjs webapp to be able to read only "business profile collection".

I have three collections, collect 1 and collection 2 that can only be read by authenticated users. the third collection

I'm creating an application in firebase that needs ensure that users can only read/write documents/collections that belong to their team. my

I struggle to find a way to create a rule that allow read if a user is a participant in a document. i have a collection of documents where

I'm trying to get request.auth.uid == userid to be tested but i'm getting 'simulated read denied'. i checked all of the basic questions

I read the documentation and watched the video about this but still not understanding perfectly i mean i know how to write those security

I am creating android application with firestore. my app does not require authentication. is there any security rule to allows everyone read &

Im working on an ionic app, i would like to send data to my firebase realtime-database as an object and compare the data with something, however

Firestore doesn't work well with get inside a function i have this rule service cloud.firestore { match

I'm working on firebase-realtime-database on ionic, i am a bit confuse about how to "read" and "write" inside the $uid node. which i am currently

I need to check a document's data in firestore to allow someone to view an image in firebase storage. is this possible?

Let the following rules: match /users/{user} { // do not specify any authentication for the read rule - do not specify any delete

How can i verify if an incoming field is a valid e-mail? is there a way to use string-functions or anything in firestore security

I need to check is property exists in document in store. allow update, delete: if resource.data.uid; in code above i have error

I would like to explain my problem with an example ;there is a user having uid [let say: vluaziiv3deifapq5kdzfi1dsx73] should only be given

I'm having a structured set of firestore rules that everything works fine except for custom user claims inside a custom jwt. i'm using

It's my first time i am working with firestore db. so i have this user class in my app: data class user( val name: string,

I'm trying to use a wildcard in my firebase security rules but it's not working like the online documentation describes.

I'm creating an app that has uses a firebase cloud firestore database. the structure seems to be collection/document/fields. i am thinking of

I am new to firebase database and i am having trouble understanding the security rules. example rule 1: { "rules": {

I can't work out why my regex is matching things it shouldn't when used on firebase to validate usernames. i've tried reading other posts

I have a simple collection reference in a service

Been playing with firebase rules for a while now and i am unable to get my desired result database:

I want to initialize a firestore database with a script and so i would like to write to the database rules through a rest api rather than

Here is a problem i am facing now with the firestore security rules. first of all here is an example of data structure i have in my

I want to check that a resource has a reference to a user document when creating it, but i don't need to actually get() the object. is this

In my firestore, i have a boolean field called admin for the user documents in my users collection. when true, that user can read

I'm using firestore database and i'm now trying to add security rules after building many of the pages without security rules. that was

How do i check if a field is of type string[] in firestore rules? i have a tags field in a document, which

I have created a database cloud firestore. in this database i want anyone to be able to read and write if: request.auth.uid != null

I am writing firestore rules for an android app i'm currently developing. i am having trouble writing security rules. i want to have a collection

I'm building out a react native application and just starting to build out all of the security rules in my firestore database. i have several

So, i am building a multi tenant application which involves multitude of collections and user invitation. since i don't know which user id the

I couldn't find any way to access the name of the data that is being written in firebase rules, which is very critical for me. does firebase

I have these rules: match /suuntoappaccesstokens/{username} { allow create: if request.auth.uid != null &&

I am trying to use cloud firestore with my android app. so i am storing 3-4 fields . so i ll give an example with cars collection. there is a

I have a firebase project, which uses firestore. i often manually modify security rules and indexes on the firebase console, but i also have local

I have a collection called announcements that i'm using to store data. however each document has a field called "permissions" that contains a

I have 2 questions related to firebase realtime database. q1) is it possible to hide a certain node from public and only one person have

I'm trying to create a firestore auth rule that checks the current user against a list of team members in a team document. the members are stored

I am having an issue with firestore rules when the permission is stored in another document in another collection. i haven't been able to find any

I want to create a rule for my firestore database that will allow users to have access to it based on a custom jwt token that they pass up. my

I have a simple chat app on cloud firestore with the following security rule to only allow users the ability to send messages in a chat room if

I am trying to create a document reference, set up an onsnapshot listener, save the document and then upload a file which will trigger a cloud

I read through the

I am new in development. i have a very basic question but i tried to find it on google and did not understand. my question is that. in

I am building an application (not for production, kind of exam) which stores images in firebase storage and i do not know how to protect them

I'm writing quiz app of sorts using vuejs and firebase firestore. so far i've made everything except this one last part. users are

I created a collection of user ids for each user and i want to set the database rules to read the collection item only if the user id matches the

I'm trying to check if an incoming string is an email, so i wrote the following firestore security rules: service cloud.firestore

I am trying to get a rule set working to allow users to see there own data... my current rule set is: { "rules": {

I have read practically every stackoverflow answer and none of them worked for my scenario since this is a frequent issue. my xcode console is

I need to control access to individual properties under a user object in the users directory in the firebase rtdb. my current rules are as

Match /userprofile { match /{uid}{ allow get: if isuserloggedin() && !isuserblocked(uid); } when i try

I need some help making my security rules for firestore work. these are my firestore rules: service cloud.firestore {

I'm working with firebase, and recently started to look into the security rules to protect the accounts inside my realtime database. i went out to

I want to make a set of rules, where it would only accept read and writes from a specified url. example, when some code is trying to

We are currently writing crud rest api operations with firebase functions using firbase’s node-js sdk. when writing to firestore db,

I have been able to get firebase authentication to work for google sign in, anonymous sign in and from email and password sign in, including

I am new to firestore and i'm trying to setup simple security rules so that only someone who is signed in can create a new database entry and that

I am writing an rsvp application where the user gets onto the site and just enters their name. i want to, if their name matches a record in the

I am having trouble testing in the cloud firestore simulator. i cant get "write" access when i have the following rules. should my

I'm trying to add a rule in my real-time database that would prevent users to insert a date that is bigger than now. the dates that i currently

Im building a flutter application for managing tasks and storing clients data on firebase firestore but i have no experience with configuring

I want to delete all students in my firestore database, to do this i used collection group but i had a problem

I have a collection with documents that have the following fields uid: it is the user id of the user who created the document

Using firebase firestore i am storing chat room details in documents containing some data like: roomname roomavatar createdate

I need to set a folder public with only read permisions in firebase storage, my security rules are service firebase.storage {

This was my initial firebase security rule: service cloud.firestore { match /databases/{database}/documents { match

Firestore security rule allow list: if request.query.limit <=30 && request.query.orderby == 'date'

I want to allow unauthorized or unregistered user to read some of my data from firebase that been write by authorized/registered user.

I have a collection of users: users: useruid: group: "group_1" name: "paul" useruid: group: "group_1"

I am trying to set a rule on a node in firebasedatabase, but i get error error saving rules - line 85: key names can't

I am using firebase and want to allow writing on a child but not on parent. i have a collection that is called guests. users can set data

In my firebase -> database -> rules editor, i have a match rule for the write op on a course that tests if the status

I added a new functionality to my application and now i'm getting this error: maximum of 1000 expressions to evaluate has

I'm trying to display data only for vip users. i use the code below, but every user can saw the data anyway. i want to hide actors data

I have set up a read rule on my firestore, and it works fine when doing a get on a single document by id, but fails with a firebaseerror: