0
votes

I am getting simulated read denied for accessing a simple collection

Data Model:
/users/$userId/

This is a simple collection, with no sub-collection.

In my simulator I am doing a get on a single document:

/databases/users/documents/0011476476904

With the below authentication payload:

{
  "uid": "0011476476904",
  "token": {
    "sub": "0011476476904",
    "email": "",
    "email_verified": false,
    "phone_number": "",
    "name": "",
    "firebase": {
      "sign_in_provider": "google.com"
    }
  }
}

I have a simple rule to allow read if auth.uid matches userId, but I am still getting simulation rule denied:

rules_version = '2';
service cloud.firestore {
  match /databases/users/documents/{userId} {

      allow read, write: if userId == request.auth.uid;

  }
}

Is there anything wrong in the way I have set the rule?

1 Answers

0
votes

If you have a single users collection, the way you should model/define your security rules is the following:

service cloud.firestore {
  match /databases/{database}/documents {

    // Match any document in the 'users' collection
    match /users/{userId} {
      allow read, write: if userId == request.auth.uid;
    }
  }
}

See the doc for more details. Also, it's worth watching the video embedded in this doc page.
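
The following is an added example, not part of the original question or answer: a simplified JavaScript model of path matching in security rules, showing why the question's rule never matches the document while the answer's rule does. It assumes the document lives in the default database, whose ID is `(default)`; `matchPath`, `evaluate` and `ownerOnly` are hypothetical helper names, not Firestore APIs.

```javascript
// Simplified model (assumption): literal segments and single-segment {wildcards}
// only; recursive {name=**} wildcards and the full condition language are omitted.
const segs = (p) => p.split('/').filter(Boolean);

// Returns the wildcard bindings if `pattern` matches `path` exactly, else null.
function matchPath(pattern, path) {
  const pat = segs(pattern), doc = segs(path);
  if (pat.length !== doc.length) return null;
  const vars = {};
  for (let i = 0; i < pat.length; i++) {
    const w = /^\{(\w+)\}$/.exec(pat[i]);
    if (w) vars[w[1]] = doc[i];           // wildcard: bind the segment
    else if (pat[i] !== doc[i]) return null; // literal: must be identical
  }
  return vars;
}

// A request is allowed only if some rule matches the path AND its condition holds.
function evaluate(rules, path, auth) {
  for (const { pattern, condition } of rules) {
    const vars = matchPath(pattern, path);
    if (vars && condition(vars, auth)) return 'allow';
  }
  return 'deny'; // no matching allow statement: denied by default
}

// Equivalent of `userId == request.auth.uid`; a signed-out request never passes.
const ownerOnly = (vars, auth) => auth !== null && vars.userId === auth.uid;

// Rule from the question: 'users' sits where the database ID belongs.
const questionRules = [{ pattern: '/databases/users/documents/{userId}', condition: ownerOnly }];
// Rule from the answer, with the nested match blocks joined into one path.
const answerRules = [{ pattern: '/databases/{database}/documents/users/{userId}', condition: ownerOnly }];

// Path the rules see for document users/0011476476904 in the default database.
const docPath = '/databases/(default)/documents/users/0011476476904';
const auth = { uid: '0011476476904' }; // uid from the question's payload

function demo() {
  return {
    question: evaluate(questionRules, docPath, auth),
    answer: evaluate(answerRules, docPath, auth),
    otherUser: evaluate(answerRules, docPath, { uid: 'someone-else' }),
    signedOut: evaluate(answerRules, docPath, null),
  };
}
console.log(demo());
```

The question's pattern has four segments and the document path has five, so the rule is never selected and the read falls through to the default deny, even though the uid comparison itself is correct.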