For example:
match /groups/{document=**} {
allow read, write, delete: if false; ///Never allow any client to modify this collection and any sub-collections under it
}
I want to lock down my groups
collection and any sub-collection under it. I know that I don't really need to write the code above, but was wondering if there was any benefit to adding it.
CodePudding user response:
There is no change in behavior by adding that code because denial of access is the default for any document that is not already matched by some rule that allows access. Security rules implement an allowlist, meaning all access is denied except for that which is allowed (and once access is allowed by a rule, it can't be later denied by another rule).
If you want that there for your own reading and understanding, that's fine. But it's not changing the way anything works by default.