Firebase Cloud Firestore Security Rules

I am having trouble setting up security rules that allow the user to generate the document path below in Cloud Firestore:

“Collection Name1/Document Name1/Collection Name 2/…more documents and collections”

Collection Name 2 is generated using the user's authenticated user ID.

When I initially built the app I had essentially set no security rules and my app worked fine, allowing the generation of documents in the above path.

However, I am trying to set security rules allowing only the authenticated user to read and write documents to the above path and I can’t figure out how to do it. Below is an example of what I have tried:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // "Collection Name1" and "Document Name1" are the poster's placeholders
    // for the real first two segments of the path.
    match /Collection Name1/Document Name1/{userId} {
      allow read, write: if request.auth.uid == userId;
    }

    match /users/{userId} {
      allow read, write: if request.auth.uid == userId;
    }
  }
}

Unfortunately I get error messages stating “The caller does not have permission”.

The second match statement above works fine but the userId is a document, not a collection. Is this the problem (i.e., I can’t apply security rules to collections)?

Any help/advice is greatly appreciated.
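A rule shape that covers the path described in the question, added here as an illustration and not taken from anyone in the thread: security rules match document paths, so a match that ends at the uid segment only covers a document whose id is the uid, and rules do not cascade to nested documents. When the uid names a collection, the documents written beneath it need the recursive wildcard. `collectionName1` and `documentName1` are assumed placeholders for the poster's first two segments.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // collectionName1 / documentName1: assumed placeholders for the real
    // first collection and document in the path.
    // {userId} captures the subcollection named after the signed-in uid;
    // {document=**} then matches every document at any depth beneath it.
    // Without the recursive wildcard this rule would only apply to a single
    // document located at exactly /collectionName1/documentName1/{userId}.
    match /collectionName1/documentName1/{userId}/{document=**} {
      // request.auth != null rejects unauthenticated callers explicitly
      // before the uid comparison is evaluated.
      allow read, write: if request.auth != null
                         && request.auth.uid == userId;
    }

    // Per-user document in the users collection, as in the question.
    match /users/{userId} {
      allow read, write: if request.auth != null
                         && request.auth.uid == userId;
    }
  }
}
```

The rules simulator in the Firebase console lets you test a read or write against a full document path with a chosen uid before deploying, which is the quickest way to confirm that a path at the intended depth is actually matched.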

Did you ever figure this out? I’m currently writing mine!

Yes I did.

Hi, could you please help me with how you figured it out? I have also read lots of info but don't seem to get it to work. I have a normal login on my app, but now I want admin and normal users to access certain pages only.
Thanks

Hi, sorry but I am not really familiar with the security rules. I was able to figure it out for my application. But I haven’t looked at how you provide admin users different access than a normal user. I am sure there is a way of specifying that.

In my case I am the only administrator, so I just go right into Firestore to do whatever I need to do. This then lets me set rules for the normal user based on the path for the information that I want the user to have access to, and then also identify whether the user has read access only or read/write access.

If you want the admin to access certain information that a normal user cannot then you can always put that information in a different collection or path and not provide access to a normal user.

Sorry I can't be of more help.