Menu
We can share a BigQuery dataset with a service account, we can add a service account as a member to a specific bucket by assigning to it a specific role....using graphic interface.
What about Firestore? Can we share a specific collection with a service account?? I couldn't find any such option in the web interface..
Remark: I don't have permission to grant global permissions to service account, but I have permission to add members to a resource and grant them roles over that specific resouce.
Thank you!
609
The document name is set to the user UID that firebase give the user. Now you can simply request the data from the database with the user UID as being your . doc(user. uid) .
To see if a service account has access to a resource, call the getIamPolicy method on the target resource. For example, to view grants for a project, call the projects. getIamPolicy method." But to get organization level permissions, the service account do not have permission to do the API call.
There is no way to assign permissions to service accounts at that level of granularity in Firestore using IAM for Firestore. A service account either has access to every document with the stated privilege, or nothing.
This runs in contrast with per-user access to Firestore via web and mobile clients authenticating with Firebase Authentication. In that case, it's possible to assign per-user permissions using security rules. It's worth nothing that accessing Firestore with a service account completely bypasses all rules established through Firebase.
114
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
