What is the rule of firebase realtime database that shows users all its data with security
{ "rules": { ".read": "auth != true", ".write": "auth != true" } }
This rule is not provide user security
Asked
Active
Viewed 179 times
0
Renaud Tarnec
- 79,263
- 10
- 95
- 121
Borad Kunj
- 1
- 2
-
See the Firebase documentation on [implementing content-only access in security rules](https://firebase.google.com/docs/rules/basics#content-owner_only_access). – Frank van Puffelen Feb 03 '22 at 15:00
1 Answers
1
As explained in the doc you need to use the uid property of the auth variable in a Security Rule to identify the user.
But the exact rule depends on your data model.
The below example, copied/pasted from the documentation (cf. above link), is based on the following data model: a users node contains, for each user, a sub-node with an id equivalent to the user uid.
{
"rules": {
"users": {
"$user_id": {
// grants write access to the owner of this user account
// whose uid must exactly match the key ($user_id)
".write": "$user_id === auth.uid"
}
}
}
}
It's up to you to adapt it to your specific data model.
You may be interested by this answer which explains that, in certain cases, relying on the fact a user is authenticated is not sufficient. Again it depends on your specific case.
Renaud Tarnec
- 79,263
- 10
- 95
- 121