0
votes

My Question

Is it possible to create firebase rules such that the user can read certain data fields in a document but not read other rules in the same document?

I'm asking this question because I want to enable users to query data from documents but only certain fields in the document.

For example

Assume that you have the following data in a story-document:
/stories/{storyid}
{
  title: "A Great Story",
  content: "Once upon a time...",
  author: "some_auth_id",
  published: false
}

In the example below I have attempted to create a rule such that users can read/query the author of a document (but not other fields of a document - for example title).
Notice that I have added /stories/{storyid}/{author}

service cloud.firestore {
  match /databases/{database}/documents {
    match /stories/{storyid}/{author} {
      allow read: if request.auth != null;
    }
  }
}

How would I go about to create such a rule?

1
Did you look at the Official Documentation? - mustangDC

1 Answers

2
votes

I guess that you mean "Is it possible to create firebase rules such that the user can read certain data fields in a document but not read other fields in the same document?"

This is actually not possible: Firestore Security Rules apply at the level of the document.

One classical solution is to duplicate the documents in another collection with only the subset of the fields you want to make readable.