Search code examples
firebasefirebase-realtime-databasefirebase-securityfirebase-console

Enforce Rules in Firebase Realtime Database Editor

Overview

When using the Realtime Database in Firebase, I am able to edit and bypass rules. I see how this is convenient in some cases, but I would like to apply rules to manually submitted data as well.

Example

Here's the most simple write rule to disable writes anywhere. With the rule simulator, I am not able to write, as expected.

Can't Write in Simulator as Expected

However, even once I've saved the rule, I can still write in my database.

Can Still Write in Editor Unexpectedly

Today is my first day using Firebase rules. Am I confused about rules or is there no option to disable bypassing rules in the manual editor?

Solution

  • You will be able to write to the database manually from the console(no there is no option), but using the rules above ".write": "false", it means that the end user wont be able to write to the database.

    The person adding manually to the database, is usually the admin. That is why even if it is write:false it will still add to the database.

    But if for example you have this:

      Class
     randomid
      Keys:values

    Then the user that will create the class in his phone won't be able to send data to the database since write:false

    Even if you have this:

      {
"rules": {
      ".read": "false",
      ".write": "false",  
   }
 }

    You will still be able to see the data in the console, but the end user won't be able to read or write to the database.