0
votes

I am given secure rules like the ones below. But when testing in the Rules Playground, both reading and updating show "Simulated denied".

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}

Rules playground

I need to add JSON data according to my database structure. Given my Realtime Database structure, how do I write secure rules for read & write?

real time database

2 Answers

0
votes

Change your rules as below

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}

Excellent documentation - https://firebase.google.com/docs/database/security

.read and .write rules cascade, so this ruleset grants read access to any data at path /foo/ as well as any deeper paths such as /foo/bar/baz. Note that .read and .write rules shallower in the database override deeper rules, so read access to /foo/bar/baz would still be granted in this example even if a rule at the path /foo/bar/baz evaluated to false.

0
votes

Your rules don't allow a user to access the whole /users collection. In your simulation, you can try accessing the /users/<uid> location, that should work fine.
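
The cascading behaviour discussed in the answers above, as an added example that is not part of the original posts: a simplified model of how a read or write is checked against the question's rules. It is not Firebase's rule engine; `simulate`, `evalRule` and the sample users `alice` and `bob` are hypothetical names constructed for illustration.

```javascript
// Simplified model of Realtime Database rule evaluation (NOT Firebase's engine).
// The rule tree is copied from the question.
const rules = {
  users: {
    $uid: {
      ".read": "$uid === auth.uid",
      ".write": "$uid === auth.uid",
    },
  },
};

// Evaluate one rule expression with the wildcard values captured so far.
// An expression that throws (for example, auth is null) counts as false.
function evalRule(expr, auth, vars) {
  try {
    const names = Object.keys(vars);
    const fn = new Function("auth", ...names, `return (${expr});`);
    return fn(auth, ...names.map((n) => vars[n])) === true;
  } catch (e) {
    return false;
  }
}

// Walk from the root down to `path`. Access is granted as soon as a rule of
// type `op` (".read" or ".write") on the way evaluates to true, and that grant
// covers everything deeper. If no rule grants access, the result is deny.
function simulate(op, path, auth) {
  let node = rules;
  const vars = {};
  const allowed = (n) => typeof n[op] === "string" && evalRule(n[op], auth, vars);
  if (allowed(node)) return true;
  for (const seg of path.split("/").filter(Boolean)) {
    if (Object.hasOwn(node, seg) && !seg.startsWith(".")) {
      node = node[seg];
    } else {
      const wild = Object.keys(node).find((k) => k.startsWith("$"));
      if (!wild) return false; // no rules exist below this point
      vars[wild] = seg; // bind e.g. $uid to the path segment
      node = node[wild];
    }
    if (allowed(node)) return true;
  }
  return false;
}

const alice = { uid: "alice" }; // constructed sample auth object
console.log(simulate(".read", "/users", alice)); // no rule at /users itself
console.log(simulate(".read", "/users/alice", alice)); // $uid matches auth.uid
```

In the Rules Playground, the equivalent check is to enable authentication with a UID and set the location to `/users/<that UID>` rather than `/users`.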