I'm not understanding the logic behind the RTDB rules. All the examples show how to allow/deny access using user identification (docs). To me, the only layer of protection I need is to allow access from my Cloudfunctions script, and nothing more.
Is this possibile?
If you are accessing the realtime database using cloud functions only, you can simply remain in locked mode.
{
"rules": {
".read": false,
".write": false
}
}
As cloud functions use the admin SDK to access the realtime database, they are not affected by realtime database client access rules.