I am trying to write security rules for my Firestore-based app and I am confused as to whether access to documents/collections in Firestore is the default (meaning that I need to write rules to specifically forbid access to any documents in the cases where I should limit access) or if access to documents is not the default (meaning that I need to write rules to specifically allow access in the cases where I want to enable access)?
From the firestore documentation I read this:
Every database request from a Cloud Firestore mobile/web client library is evaluated against your security rules before reading or writing any data. If the rules deny access to any of the specified document paths, the entire request fails.
From this, it seems that all documents are accessible by default but I am not certain and wanted to ask.
Any clarification would be greatly appreciated! ????
Start in locked mode, Make your database private by denying all reads and writes
and anotherStart in test mode, Get set up quickly by allowing all reads and writes to your database
. By selecting any one of these mode, you'll end up setting security rules. – Mohammed Farhan