Firebase Realtime Database rules to allow a single user Write access

0
votes

My current Android Application makes use of the Firebase Realtime Database.

I am struggling with the security Rules as I wish to allow only a Single User to be able to Write data while allowing any authenticated user to read data.

I have set these rules but am unsure if they are secure enough...

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth.uid === 'xxxxxxxxxxxxxxxxxxxxxxx'"
  }
}

Where 'xxxxxxxxxxxxxxxxxxxxxxx' is the specified user I wish to allow to write data.

Is a users uid a constant value?

What does the "Authenticate" option manage when clicking on the Simulate button when testing out new rules?

1
firebase-realtime-databasefirebase-security

1 Answers

2
votes

Once a user's UID is generated, it will never change. So checking the UID in the security rules is indeed a common way to ensure only that specific user has a certain permission. I do this on almost every project when getting started for the initial (admin-type) users.