Firebase Realtime Database Rule Templates


Firebase Realtime Database Rules decide who can access your database. These rules are hosted on Firebase servers and are applied automatically at all times, and you can change your database's rules in the Firebase console. To edit or view your database rules, simply select your project and click Database; on the left side you will find the Rules tab, so just select it. On mobile, just enable desktop mode in Chrome or your browser.




If you really want to learn about writing rules and go deeper into them, you can always go to the Firebase Docs. They will be very helpful for creating your own secure rules for your database.

Sample Rules Templates 

Full Security 
This is the default rule provided by Firebase. It does not allow read or write access to anyone. If you are using these rules, only you can access the data, through your Firebase console.

{
  "rules": {
    ".read": false,
    ".write": false
  }
}

No Security

This rule allows everybody to access your data. You can use it during development, but if you publish your app with this rule, anybody can access your data and can erase or steal important data, so remember never to publish your app with these rules!


{
  "rules": {
    ".read": true,
    ".write": true
  }
}

Only Logged In users 

This rule allows only authenticated (logged-in) users to read or write to your database. This means that if a user is not logged in to your app, they will not be able to access your data.


{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

Logged In users from A specific domain

These rules allow access only to users who have logged in with an email address from a specific domain, such as @gmail.com. For example, if you want only users with @gmail.com in their email address to access your data, and not users from other domains, these rules work that way.

// Replace @sketchub.in with your desired domain
{
  "rules": {
    ".read": "auth.token.email.endsWith('@sketchub.in')",
    ".write": "auth.token.email.endsWith('@sketchub.in')"
  }
}

Own data only

With these rules, we restrict access to the user records to logged-in users. Not only that, but users can only read or write their own data. We do this with a wildcard: $uid. This is a variable that represents the child key (variable names start with $). For example, when accessing the path /users/user1, $uid is "user1".


{
  "rules": {
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}


Only able to write if using gmail and verified

In these security rules you can access both the email address and whether it is verified, which makes some great use cases possible. With these rules, for example, only an authenticated, verified Gmail user can write to the database.

{
  "rules": {
    ".read": "auth != null",
    "gmailUsers": {
      "$uid": {
        ".write": "auth.token.email_verified == true && auth.token.email.matches(/.*@gmail\\.com$/)"
      }
    }
  }
}
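
An added example, not part of the original post: a small Node.js checker that walks a rules object and flags the weak spots in the templates above (rules open to everyone, rules satisfied by any signed-in user, and email checks that do not also require email_verified). It also flags a child rule sitting under a parent that already grants the same operation, because in Realtime Database a .read or .write granted at a path applies to everything below it. The function names, finding labels and the last sample are constructed for illustration.

```javascript
// Added example: audit a rules object for weak patterns seen in the templates.
// Finding labels (open-to-everyone, ...) are made up for this sketch.
function classify(expr) {
  const e = String(expr).replace(/\s+/g, " ").trim();
  if (e === "true") return "open-to-everyone";
  if (e === "auth != null") return "any-signed-in-user";
  const usesEmail = /auth\.token\.email(?!_verified)/.test(e);
  if (usesEmail && !e.includes("auth.token.email_verified")) return "email-not-verified";
  return null; // nothing to report for this expression
}

// Walk the tree. `granted` remembers the shallowest path whose .read/.write
// is not a literal false, because a grant there also covers every child path.
function auditRules(node, path = "", granted = {}) {
  const here = path || "/";
  const findings = [];
  const inherited = { ...granted };
  for (const op of [".read", ".write"]) {
    if (!(op in node)) continue;
    const issue = classify(node[op]);
    if (issue) findings.push(`${here} ${op} ${issue}`);
    if (granted[op]) findings.push(`${here} ${op} parent-grant-at ${granted[op]}`);
    else if (String(node[op]) !== "false") inherited[op] = here;
  }
  for (const [key, child] of Object.entries(node)) {
    if (!key.startsWith(".") && child && typeof child === "object") {
      findings.push(...auditRules(child, `${path}/${key}`, inherited));
    }
  }
  return findings;
}

// Rules objects as they look after JSON parsing; the first three mirror the page.
const SAMPLES = {
  noSecurity: { rules: { ".read": true, ".write": true } },
  domainOnly: { rules: {
    ".read": "auth.token.email.endsWith('@sketchub.in')",
    ".write": "auth.token.email.endsWith('@sketchub.in')" } },
  verifiedGmail: { rules: { ".read": "auth != null", gmailUsers: { $uid: {
    ".write": "auth.token.email_verified == true && auth.token.email.matches(/.*@gmail\\.com$/)" } } } },
  // Constructed: the "own data only" rules placed under a root rule for any signed-in user.
  ownDataUnderRoot: { rules: { ".read": "auth != null", users: { $uid: {
    ".read": "$uid === auth.uid", ".write": "$uid === auth.uid" } } } },
};

for (const [name, doc] of Object.entries(SAMPLES)) {
  console.log(name, auditRules(doc.rules));
}
```

In the last sample the per-user .read rule is reported because the root rule already lets every signed-in user read /users/$uid, so the narrower rule never restricts anything.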
