Every queries (at least from the REST API) seems handled like admin query when access_token is set (even with a dummy value), ignoring any rule: { "rules": { ".write": false, ".read": false } } i database: Change detected, updating rules for my-project-default-rtdb… + database: Rules updated. POST http://localhost:9000/test.json?ns=my-project-default-rtdb=>401 Unauthorized POST http://localhost:9000/test.json?ns=my-project-default-rtdb&access_token=foo=>200 OK Rules appear loaded… Read More Firebase realtime database emulator ignoring rules when access_token is set in REST query?