Writing firestore security rules.

Use Firestore security rules to secure your data.



Published at: 2019-10-14T06:59:46+01:00



I've recently been working on a small blog (the code for which is released under a BSD 3-Clause license). As part of this, I've been looking into writing cloud security rules.

When writing security rules you write rules for adding documents to your database. The security rules are pretty powerful – you can use them to query other documents in your database as well as access the data of the current user.

All the content of your rules should go in the firestore.rules file at the root of your project. Inside this file all your rules need to be wrapped.

``` I've recently been working on a small blog (the code for which is released under a BSD 3-Clause license). As part of this, I've been looking into writing cloud security rules.

When writing security rules you write rules for adding documents to your database. The security rules are pretty powerful – you can use them to query other documents in your database as well as access the data of the current user.

All the content of your rules should go in the firestore.rules file at the root of your project. Inside this file all your rules need to be wrapped.

service cloud.firestore { match /databases/{database}/documents { // rules go in here ... } }

You then need to add rules for individual collections. One problem with writing firestore security rules is that I couldn't get PyCharm to provide syntax highlighting and syntax checking functionality. Using the web interface is a must – particularly the function which allows you to test your rules.

To match a specific collection

``` I've recently been working on a small blog (the code for which is released under a BSD 3-Clause license). As part of this, I've been looking into writing cloud security rules.

When writing security rules you write rules for adding documents to your database. The security rules are pretty powerful – you can use them to query other documents in your database as well as access the data of the current user.

All the content of your rules should go in the firestore.rules file at the root of your project. Inside this file all your rules need to be wrapped.

``` I've recently been working on a small blog (the code for which is released under a BSD 3-Clause license). As part of this, I've been looking into writing cloud security rules.

When writing security rules you write rules for adding documents to your database. The security rules are pretty powerful – you can use them to query other documents in your database as well as access the data of the current user.

All the content of your rules should go in the firestore.rules file at the root of your project. Inside this file all your rules need to be wrapped.

service cloud.firestore { match /databases/{database}/documents { // rules go in here ... } }

You then need to add rules for individual collections. One problem with writing firestore security rules is that I couldn't get PyCharm to provide syntax highlighting and syntax checking functionality. Using the web interface is a must – particularly the function which allows you to test your rules.

i