Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Firebase database security rules allow authenticated user to read and write from their own contents

Tags:

firebase

firebase-realtime-database

firebase-security

Here's my database structure:

 Clients:
     employee1emailaddress
     employee2emailaddress
 Employees:
     employee1emailaddress
     employee2emailaddress
 allClients:
     client1phonenumber
     client2phonenumber

I want to make a security rule to limit the authenticated user to read and write from nodes associated to their email address

For example: the employee who has the email address of employee1emailaddress can only read from and write to the nodes that has their email addresses as the key

How to make that possible ? and thanks in advance..

like image 663
Ahmed El Sherif Avatar asked Aug 02 '18 15:08

Ahmed El Sherif

People also ask

How do you give read and write permission in Firebase?

To change the rulles you can go to the firebase project area Database on the left menu and then rules on the blue menu. However I need to mention that if you are doing a firebase deploy you WILL OVERWRITE these rulles with the contents of database.

What are security rules in Firebase?

Firebase Security Rules work by matching a pattern against database paths, and then applying custom conditions to allow access to data at those paths. All Rules across Firebase products have a path-matching component and a conditional statement allowing read or write access.

How do you link authenticated users and databases in Firebase?

To be able to let authenticated users access the database, we will need to use Firebase's Admin SDK. This framework will give us access to an API to verify authenticated users and pass requests to our database. We will be saving users' data using Firebase's Realtime Database.

How secure is Firebase authentication?

The short answer is yes: by authenticating your users and writing security rules, you can fully restrict read / write access to your Firebase data. In a nutshell, Firebase security is enforced by server-side rules, that you author, and govern read or write access to given paths in your Firebase data tree.

1 Answers

I would recommend not associating data with a user's email address. You should use their UID instead:

{
  "rules": {
     "$uid": {
        ".read": "auth !== null && auth.uid === $uid",
        ".write": "auth !== null && auth.uid === $uid"
    }
  }
}

This will only allow users to read and write from a directory in your database where the key is their UID.

like image 121
Terren Avatar answered Sep 22 '22 06:09

Terren
Sign in to Comment

Related questions

Error: Reference.push failed: first argument contains a function in property - firebase
Cloud Firestore in Cloud Functions
Firebase Crashlytics shows crashes only from debug build
How to trigger notification from firebase at a specific time?
Firebase Authentication : how to get current user's Password?
TypeError: Cannot read property 'credential' of undefined with firebase reauthenticateWithCredential
What is FirebaseAuth ID token and is the getIdToken method for it thread safe?
Firebase AB Test has 0 users
Start a firestore transaction without a transaction.get()
Firebase Cloud Firestore unavailable in asia-south1 (Mumbai)?
sync data from mongoDB to firebase and vice-versa
Firebase Unity3D desktop app (Mac/PC) - does it work or not?
Mocking admin.firestore().collection().get()
Pattern for Firebase onAuthStateChanged and Navigation Guards - Quasar app
ML Kit Barcode scanning: Invalid image data size
Managing Session Cookies with Firebase and Electron
how to know if data exists in a firestore query snapshot?
What is the proper way of connecting firebase with redux-sagas?
Firebase JS SDK warning while load application in browser (angular v5)
AngularFirestore: Property 'id' does not exist on type 'QueryDocumentSnapshot<any>'

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!