Do Firebase Storage security rule bucket wildcards affect other GCS buckets in project?

0
votes

Given that you can provide bucket wildcards in Firebase Storage security rules, e.g.:

service firebase.storage {
  match /b/{bucket}/o {
    ...
  }
}

Is it possible that a rule declared here could override rules (such as public read) for GCS buckets from the same Google Cloud project? Specifically, do rules created in the Firebase Storage browser affect other (i.e. non-Firebase) GCS buckets in the same project?

An example:

[Firebase storage]
- FB Bucket 1
- FB Bucket 2
(Rule: wildcard bucket* — public read)

[Google Cloud Storage]
- FB Bucket 1
- FB Bucket 2
- Special Bucket 3 (Rule: no public access)

Could the rules from Firebase Storage cause Special Bucket 3 to gain a public-read permission unintentionally?

1
firebasegoogle-cloud-platformgoogle-cloud-storagefirebase-storage

1 Answers

0
votes

The Firebase security rules apply to access to files accessed in that project through the Firebase client-side SDKs. So it's not so much about what buckets files are in, but how they are accessed.