I recently inherited managing a firebase project and I am trying to recreate the project so I have a production and development version to use and while I was deploying my functions I got the following message:
Unable to set publicly accessible IAM policy on the following functions:
{insert long list of functions here that have the following format}
projects/{project name}/locations/us-central1/functions/{function name}
Unauthenticated users will not be able access this function.
Some common causes of this:
- You may not have the roles/functions.admin IAM role. Note that roles/functions.developer does not allow you to change IAM policies.
- An organization policy that restricts Network Access on your project.
Is this an error message or is it just stating that users of the app need to be logged in to use these functions?
Note: All these functions were created successfully and there were no error messages in the firebase console. And yes, I am an owner/admin user to the firebase project.
TLDR: You need higher google cloud permissions to alter your functions so that they can be triggered by any user.
In order for a function to be called from your server or client or some other source it has to have 'publicly accessible permissions'. When I uploaded the functions originally I was logged in from an account that didn't have permissions to set those policies and because of that I wasn't able to modify them, hence the error message. These are permissions are set in your google cloud dashboard. Here are some steps for how to change it.
The following is from google cloud:
Go to Google Cloud Console
Click the checkbox next to the function in which you are interested.
Click Permissions at the top of the screen. The Permissions panel opens.
Click Add member.
In the New members field, enter one or more identities that need access to your function. This is usually a user or service account email.
Select a role (or roles) from the Select a role drop-down menu. The roles you select appear in the pane with a short description of the permissions they grant.
If you want to make the function accessible for all authenticated users (which is usually what you want for most apps) set the member to allUsers and the role to Cloud functions invoker
A note: IAM permissions are separate from firebase or app permissions. They are permissions to trigger/modify/view information in google cloud.