Cloud Firestore and Cloud Storage Security Rules
Understand the details of Cloud Firestore and Cloud Storage Security Rules in this lesson.
Unlike Realtime Database Security Rules, which are formatted using JSON syntax, Cloud Firestore and Cloud Storage Security Rules take a different format. They begin with a service declaration that defines the scope of the Security Rules by identifying the Firebase product to which they apply. They then contain one or more `match` blocks, which specify the path to the document or file in the database or the storage bucket. The `match` blocks contain `allow` statements that determine the conditions for accessing the document or file at that path.
Cloud Firestore Security Rules
Cloud Firestore Security Rules use a syntax based on the `match` and `allow` statements that determine the access condition of the database.
The steps for writing Cloud Firestore Security Rules are outlined below:
- To begin writing Cloud Firestore Rules, we must first indicate a syntax version using the `rules_version` statement. This is important because the Security Rules will be evaluated as `v1` if none is provided. For this course, we’ll focus on `v2`.
- Next is the `service cloud.firestore` declaration that defines the scope of these rules, which in this case is Cloud Firestore.
- Now, we must define the match patterns to identify the path. From the Security Rules perspective, all documents in Cloud Firestore fall into the `/databases/{database}/documents` path. This path can be thought of as the root of the database. Therefore, it’s always the path defined in the first `match` block. Then, the next `match` block must contain the actual path to the document. While specifying paths, we can also declare possible wildcards in the paths using the curly braces, `{ }`. These will match all documents existing on the defined path.
- The `match` blocks contain `allow` expressions that determine the conditions to grant access to the defined path. These expressions require methods, like `read` or `write`, to describe the nature of the database access:
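The four steps above assembled into one ruleset, as an added example that is not the lesson's own code. The `users` and `posts` collections and the `authorId` field are hypothetical names chosen for illustration; the commented-out line shows the weak setting next to the corrected one.

```firestore
rules_version = '2';

service cloud.firestore {
  // Root of the database from the Security Rules perspective.
  match /databases/{database}/documents {

    // Hypothetical "users" collection. {userId} is a wildcard that is
    // bound to the ID of whichever document the request targets.
    match /users/{userId} {
      // Weak setting (left commented out): every client, signed in or
      // not, could read and overwrite every profile.
      // allow read, write: if true;

      // Corrected: only the signed-in user whose UID equals the
      // document ID may read or write that profile.
      allow read, write: if request.auth != null
                         && request.auth.uid == userId;
    }

    // Hypothetical "posts" collection with a hypothetical "authorId" field.
    match /posts/{postId} {
      // Public read is intended here, so it is stated explicitly.
      allow read: if true;

      // New posts must record the caller as their author.
      allow create: if request.auth != null
                    && request.resource.data.authorId == request.auth.uid;

      // Only the current author may update, and the update may not
      // hand the post to a different author.
      allow update: if request.auth != null
                    && resource.data.authorId == request.auth.uid
                    && request.resource.data.authorId == resource.data.authorId;

      // Only the current author may delete.
      allow delete: if request.auth != null
                    && resource.data.authorId == request.auth.uid;
    }

    // Paths not matched by any block above are denied by default.
  }
}
```

Here `write` is split into `create`, `update` and `delete` so that each operation gets its own condition; `resource` is the stored document and `request.resource` is the document as it would look after the write.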