From console.cloud.google.com/logs, I get this error.

ERROR: "_baseMessage: "Firebase Storage: User does not have
 permission to access '[my_file_name_here]'

I was under the impression that firebase functions have admin access to manipulate Firestore and Firebase storage data regardless of permissions as discussed here. What I am experiencing seems to be the opposite. Maybe it is only because I am working with storage rather than firestore?

The firebase functions can successfully write to the storage if the read & write privileges are true. They fail when setting rules to if false; or if request.auth != null;

Is there a way that I can specify permission for ONLY firebase functions to be able to read/write data to storage? I prefer not to give read/write access to everyone.

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if false;
    }
  }
}

CodePudding user response：

The answer for me was using firebase_admin npm package in my firebase functions to upload the file. Using this library gives context of having admin privileges. Hence, we can read/write even if rules deny it.

    static uploadFileAsAdmin(bufferFile: Buffer, storageDestination: string
): Promise<void> {
    return firebaseAdmin.storage().bucket()
          .file(storageDestination)
          .save(bufferFile, { preconditionOpts: { ifGenerationMatch: 0 } });
}

I was previously using firebase npm package to upload the file.

This SDK is intended for end-user client access

Because it is intended for this kind of access, Firestore rules blocked access.