Learn how to use Firestore Security Rules, so you can focus on building a great user experience, without having to manage infrastructure or write server-side authentication and authorization code.
With the Cloud Firestore Security Rules, we can focus on building a great user experience, without having to manage infrastructure or write server-side authentication and authorization code.
The idea is to authenticate users through Firebase Authentication and set up rules to determine who has access to data stored in Cloud Firestore.
You can find your security rules in the Rules tab in the Cloud Firestore section of the Firebase Console.
To start securing our database we need to understand how the security rules work. Let’s take a look at the default ones that come when you create the app.
The security rules work by matching documents in the database. They have two permissions, read and write, which are both false by default, meaning no one has access to the database.
To start working with them, we tell them to allow all read/write operations, since we’re going to be in development mode:
The symbol is a cascade operator; rules don’t cascade by default.
So if you set up a read/write rule for the document but don’t set up read/write rules for no one will have access to the documents.
When you use the operator, you’re telling Firestore rules that if the user matches the condition to read that document, they should be able to…
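As an added example (not the original article's rules), the ruleset below puts the open development-mode rule next to rules scoped with Firebase Authentication, and shows that a rule on a document does not reach its subcollections unless a nested match or the recursive wildcard `{document=**}` covers them. The `users`, `notes` and `private` collection names are assumptions made for illustration.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Development only (left commented out): opens every document at any
    // depth to anyone. Access is granted when ANY matching allow is true,
    // so leaving this active would override the scoped rules below.
    //
    // match /{document=**} {
    //   allow read, write: if true;
    // }

    // Scoped rule: a signed-in user may read and write only the document
    // whose id equals their Firebase Authentication uid.
    // ("users" is an assumed collection name.)
    match /users/{userId} {
      allow read, write: if request.auth != null
                         && request.auth.uid == userId;

      // Rules do not cascade: the allow above covers /users/{userId} only.
      // Without this nested match, /users/{userId}/notes/{noteId} has no
      // matching allow and every request to it is denied.
      // ("notes" is an assumed subcollection name.)
      match /notes/{noteId} {
        allow read, write: if request.auth != null
                           && request.auth.uid == userId;
      }
    }

    // Recursive wildcard: one rule for everything nested under
    // /users/{userId}/private, however deep. Read-only here; no write is
    // allowed on these paths, so writes stay denied.
    // ("private" is an assumed subcollection name.)
    match /users/{userId}/private/{document=**} {
      allow read: if request.auth != null
                  && request.auth.uid == userId;
    }

    // Any path not matched above has no allow statement and is denied.
  }
}
```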