I have a lot of accounts inside a collection called Users
and I want to prevent the deletion of the documents (accounts), How can I do it using rules security?
Also, I want to ask is it possible to prevent deleting any document inside Users collection via Firebase Console
?
I don't need to delete any document never even by the admin
Edit Rules History
//Before pusblish the question
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write;
}
}
}
//Current
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /USERS/{userId} {
allow delete: if false;
}
}
}
CodePudding user response:
A write
rule can be broken into create
, update
, and delete
. You can prevent deletion of documents using these security rules:
match /users/{userId} {
allow delete: if false;
}
Checkout the documentation of security rules granular operations.
You cannot prevent deletion of documents from the Firebase console (but best to prevent anyone unauthorized to access that at first place).
Your previous security rules were insecure and allowed anyone to read/update/delete any collection. The updates rules only specify that no one is allowed to delete the documents in users collection but there's no condition for read operations and for other collections. You should explicitly define them as shown below:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /USERS/{userId} {
allow read: true;
allow delete: if false;
}
match /Transactions/{txnId} {
allow read, write: if true;
}
}
}
The above rules allow anyone to read users collection but not delete any document and read/write any document in Transactions collection. I would recommend checking out Get to know Cloud Firestore - Security Rules and writing secure rules as per your use case.