What rule can I use to gain admin access to Firebase?

Asked

Viewed 39 times

-1

Hello I would like to know if there is any rule in firebase firestore, where only my project account can have access for modification, this without having to develop an authentication system, that is, the simple fact that I am logged in to google with my email account already gives me permission for such a feat...

https://firebase.google.com/docs/firestore/security/get-started?hl=pt-br

I searched that document, but apparently nothing close to what I want.

1 answer

1

you can use:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth.email == seu_email
    }
  }
}

however I recommend using customClaims, which are parameters that are recorded next to firebase’s authentic token. for this you need to use firebase-admin

admin.auth().setCustomUserClaims(uid, {admin: true}).then(() => {
  // Os parâmetros irão se propagar tokens. talvez necessite de relogar com sua conta no app.
});

By doing this you can now use the security rules for the firestore (firestore Rules):

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth.token.admin == true
    }
  }
}

Now all documents can only be recorded and muddy by the administrator. more information on: https://firebase.google.com/docs/auth/admin/custom-claims#set_and_validate_custom_user_claims_via_the_admin_sdk

note: to access firebase-admin you will need a service account. https://firebase.google.com/docs/admin/setup#initialize_the_sdk

Browser other questions tagged

You are not signed in. Login or sign up in order to post.