androidfirebasefirebase-realtime-databasefirebase-security
How can I set up my firebase rules so only content-owners have read and write to their data?
I have checked the documentation but I am not sure how to apply that rule to my specific data structure, please check how my data is organized and provide me the rules as it is supposed to go.
I am using realtime Database, in my app code I write and read base on the user ID, but firebase keeps telling I should change my rules.
Solution
To apply the rules in the documentation on content-owner only access to your structure would take:
{
"rules": {
"Expenses": {
"$uid": {
// Allow only authenticated content owners access to their data
".read": "auth != null && auth.uid == $uid"
".write": "auth != null && auth.uid == $uid"
}
},
"Users": {
"$uid": {
// Allow only authenticated content owners access to their data
".read": "auth != null && auth.uid == $uid"
".write": "auth != null && auth.uid == $uid"
}
}
}
}