In Firebase's Firestore, a user with write access to a project can simply delete any document and even a whole collection with multiple documents with a single click. This is a major security problem as any of my team member may end up deleting a whole collection with millions of documents in under a minute, through the Firebase console.
Is there a way to disable this?
Deleting a whole collection with a click:
User can cherry pick and delete a document as well:
Collaborators to your project who have write permission to Firestore will be able to delete data, including collections. If you don't want a specific user to be able to delete collections, you should grant them view-only permission to the database in the project through the Users and permissions panel in the Firebase console.
To delete a collection I nowadays have to type the name of that collection after clicking delete. This is to make it less likely that a collaborator who should be able to delete data, deletes an entire collection accidentally.
