How to only allow a specific user to create new users in Firebase?
Question
There are a lot of posts and discussions about restricting read/write access to specific users in the Firebase real-time database. However, I am not able to find a way to restrict the creation of new users to only a specific user/admin.
My application consists of a manager and employees. Only the manager should be able to add new users (employees) to the database along with having access to specific data which employees cannot access. From my understanding, the API which Firebase provides means that any client can create new users.
Could someone please guide me on how I can achieve this?
1 answers
solution1
1 ACCPTED 2018-09-18 09:53:25
You can do as follows:
Firstly, create an admins node in your database to which you add the admin/manager user(s) with their userId, as follows:
- admins
- Br8kiG5....
- users
- Abcd88676....
- ....
- JHgU76hgh....
- ....
Secondly, set-up some security rules as follows,
{
"rules": {
"users": {
".write": "auth != null && root.child('admins').hasChild(auth.uid)",
".read": .....
".indexOn": .....
},
.....
}
}
Thirdly, implement the Firebase authentication in your app and only the user(s) listed under the admins database node will be able to write under the users node.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.