Menu
In Firebase's Firestore, a user with write access to a project can simply delete any document and even a whole collection with multiple documents with a single click. This is a major security problem as any of my team member may end up deleting a whole collection with millions of documents in under a minute, through the Firebase console.
Is there a way to disable this?
Deleting a whole collection with a click:
User can cherry pick and delete a document as well:
389
Nope, there is nothing in place to automatically delete empty documents, as you might have a valid reason for wanting those empty documents to exist.
To delete an entire collection or subcollection in Cloud Firestore, retrieve all the documents within the collection or subcollection and delete them. If you have larger collections, you may want to delete the documents in smaller batches to avoid out-of-memory errors.
To delete multiple documents, you can do a single batched write. The WriteBatch class has a delete() method for this purpose.
Collaborators to your project who have write permission to Firestore will be able to delete data, including collections. If you don't want a specific user to be able to delete collections, you should grant them view-only permission to the database in the project through the Users and permissions panel in the Firebase console.
To delete a collection I nowadays have to type the name of that collection after clicking delete. This is to make it less likely that a collaborator who should be able to delete data, deletes an entire collection accidentally.
152
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
