Search code examples
google-cloud-firestorefirebase-security

Firestore how to prevent creating new collections?

We know how to write secure rules to limit actions on a collection, but, how to deny creations of new collections?

Solution

  • To allow only writing to specific collections in your security rules is a two-step process

    1. Fist disallow writing to any documents at the top-level.
    2. Then selectively allow writing documents in the collections you want to allow.

    For example (allowing access to a users collection only):

    service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if false;
    }
    match /users/{userId} {
      allow read, update, delete: if request.auth != null && request.auth.uid == userId;
      allow create: if request.auth != null;
    }
  }
}