I am given secure rules like given below. But when testing in rules playground. When reading & updating - Simulated denied.
{
"rules": {
"users": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid"
}
}
}
}
I need to add json data according to my database structure. Given my realtime database structure. How to write secure rules for read & write?
Change your rules as below
"users": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid"
}
Excellent documentation - https://firebase.google.com/docs/database/security
.read and.write rules cascade, so this ruleset grants read access to any data at path /foo/ as well as any deeper paths such as /foo/bar/baz. Note that.read and.write rules shallower in the database override deeper rules, so read access to /foo/bar/baz would still be granted in this example even if a rule at the path /foo/bar/baz evaluated to false.
Your rules don't allow a user to access the whole /users
collection. In your simulation, you can try accessing the /users/<uid>
location, that should work fine.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.