Looking for best practices info on securing Firebase console. I'm building an application with sensitive data in Firestore. We've got good rules around client access - but my concern is how to secure Firebase console. It doesn't seem that Firestore rules apply in console (I can understand that). But I haven't seen anyway to add granular security in console. It seems that if I give a user View access, they have everything.
Is there a way to get granular with what a console user has access to?
There isn't any security rules concept for Firebase console. You should only add authorized users to your Firebase project's team. If you need to restrict access without building a custom client yourself, try using a CMS like Flamelink.