
Firebase security rules not working as expected

I'm trying to understand how the security rules structure works. I have these rules:

{
    "rules": {
        "level1": { //public info
            ".read": true,
            ".write": true,
            "level2": { //private info
                ".read": false,
                ".write": false
            }
        }
    }
}

Then, testing with the simulator, I expected to have r/w access to level1, and NOT to level2...

But the result was that I have r/w access to both levels. How is that? Am I missing something?

Thanks.

asked Mar 18 '23 06:03

pumpkinzzz


1 Answer

When you grant (read or write) access on one level, you cannot revoke access on a lower level. See this quote from the Firebase documentation on security:

Rules Cascade

SECURITY AND FIREBASE RULES WORK FROM THE TOP-DOWN

This is a critical concept of understanding Security and Firebase Rules. The child rules can only grant additional privileges to what parent nodes have already declared. They cannot revoke a read or write privilege.

answered Apr 01 '23 23:04

Frank van Puffelen
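
The cascade described in the answer, as an added example that is not part of the original post or Firebase's own code: a simplified evaluator that walks a path top-down and grants access at the first true it meets, run against the rules from the question and against a restructured layout. The function names, the "public" child and the restriction to literal true/false rules are assumptions made for this illustration.

```javascript
// Simplified model of Firebase Realtime Database rule cascading.
// Assumption: only literal true/false rules, no $wildcards or expressions.
function isAllowed(ruleset, path, op) {
  const key = op === "write" ? ".write" : ".read";
  let node = ruleset.rules;
  // A grant at the root covers everything below it.
  if (node[key] === true) return true;
  for (const segment of path.split("/").filter(Boolean)) {
    node = node[segment];
    // No rules for this location: nothing deeper can grant, default is deny.
    if (typeof node !== "object" || node === null) return false;
    // First grant on the way down wins; a deeper false cannot revoke it.
    if (node[key] === true) return true;
  }
  return false;
}

// Rules as posted in the question: the grant sits on the parent.
const asPosted = {
  rules: {
    level1: {
      ".read": true, ".write": true,
      level2: { ".read": false, ".write": false },
    },
  },
};

// Restructured (hypothetical "public" child): grant only on the open branch.
const restructured = {
  rules: {
    level1: {
      public: { ".read": true, ".write": true },
      level2: { ".read": false, ".write": false }, // same as the default deny
    },
  },
};

// Returns one summary string per path for the given ruleset.
function check(ruleset, paths) {
  return paths.map((p) =>
    `${p} read=${isAllowed(ruleset, p, "read")} write=${isAllowed(ruleset, p, "write")}`);
}

console.log(check(asPosted, ["level1", "level1/level2"]));
console.log(check(restructured, ["level1/public", "level1/level2"]));
```

In the restructured layout a read of level1 as a whole is also denied, because nothing at or above level1 grants it.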