Firebase: Firestore security rule for production

Time:04-14

Below is a sample security rule I am trying to implement in production, but it keeps throwing the following error.

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if request.time < timestamp.date(2022, 4, 13);
    }
  }
}

Error:

Missing or insufficient permissions.

I only want a "read only" database for production. What am I missing here?

CodePudding user response:

allow read: if request.time < timestamp.date(2022, 4, 13);

This statement returns true only when the current time is before 13th April 2022, which was yesterday.

match /{doc=**} {
  allow read: if true;
}

You can switch to rules shown above to always allow read operations.


However, these rules allow anyone on the internet to read your database (that should be fine for this specific use case) but you should write secure rules if you also have any other use case.

Check out more about security rules in the documentation. Also check out the Get to know Cloud Firestore | Security Rules video on Firebase's YouTube channel.

CodePudding user response:

If you want a read-only database, then you're probably looking for a ruleset something like this:

allow read; 
allow write: if false;

And, just an extra tip: give your users the most minimal permissions. That means, in this case itself, you probably don't want to give your users read permission to the entire database.

So, it's always a better choice to allow reading or writing only to the specific collections or documents.
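
Both points raised in the answers above (a date condition that has already passed, and read access scoped to the whole database) can be caught before deployment. The following is an added example, not part of either answer and not Firebase tooling; lintRules and its finding names are hypothetical, and it assumes one statement per line as in the samples on this page.

```javascript
// Added example: pre-deploy lint for Firestore rules text (not Firebase tooling).
// RULES is the ruleset from the question, embedded here as sample input.
const RULES = `rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if request.time < timestamp.date(2022, 4, 13);
    }
  }
}`;

const ALLOW = /^allow\s+([\w,\s]+?)\s*(?::\s*if\s+(.*?))?;$/;
const TIME_GATE = /request\.time\s*<\s*timestamp\.date\((\d+),\s*(\d+),\s*(\d+)\)/;

// lintRules (hypothetical helper) assumes one statement per line, as in the
// samples on this page. It reports two findings:
//   expired-time-gate  : deadline <= now, so the condition is already false
//   recursive-wildcard : a grant under {name=**}, i.e. whole-subtree scope
function lintRules(text, now) {
  const findings = [];
  const scopes = []; // enclosing block headers, innermost last
  text.split("\n").forEach((raw, i) => {
    const line = raw.replace(/\/\/.*$/, "").trim();
    if (line.endsWith("{")) { scopes.push(line); return; }
    if (line.startsWith("}")) { scopes.pop(); return; }
    const allow = line.match(ALLOW);
    if (!allow) return;
    const ops = allow[1].split(",").map((s) => s.trim());
    const cond = allow[2]; // undefined means unconditional ("allow read;")
    const gate = cond && cond.match(TIME_GATE);
    if (gate) {
      // timestamp.date(year, month, day) is midnight UTC with a 1-based month.
      const deadline = Date.UTC(+gate[1], +gate[2] - 1, +gate[3]);
      if (now.getTime() >= deadline) {
        findings.push({ line: i + 1, rule: "expired-time-gate", ops });
      }
    }
    const recursive = scopes.some((s) => /\{\w+=\*\*\}/.test(s));
    if (recursive && cond !== "false") {
      findings.push({ line: i + 1, rule: "recursive-wildcard", ops });
    }
  });
  return findings;
}

console.log(lintRules(RULES, new Date("2022-04-14T00:00:00Z")));
```

Run against the question's ruleset with the clock set to 14 April 2022, it reports both findings on line 5; an expired gate is what produces "Missing or insufficient permissions" for every read.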
