Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

How to access my data field in Firebase Security Rules

byMR
December 17, 2021

Security Rules

I am trying to grant permission based at a document field:

    match /users/{user}/{documents=**} {
            allow read, write: if resource.data.uid == request.auth.uid
    }

Firebase query

Here is how my query looks:

query(collection(db, "users", match.params.uid, "promotors"));

Error message

But I keep geting this message:

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel

FirebaseError: Missing or insufficient permissions.

>Solution :

Your query is not in any way checking the data in a field in the documents, so it will never meet this part of your rules: resource.data.uid.

Instead what you seem to have is a case where the document ID matches the UID of the user, which you can check with:

match /users/{user}/{documents=**} {
    allow read, write: if user == request.auth.uid
}

Also see the documentation on content owner only access.

byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading