Search code examples
google-cloud-firestorefirebase-realtime-databasefirebase-security

Access firestore from RealtimeDB rules

I wonder if it's possible to control the access to some realtime DB nodes based on firestore documents.

Example Firestore User

{
    Name: "Roger Mac",
    ...
    isAdmin: true,
    isUser: true,
    isLeader: false
}

There is some node in my Realtime DB and I need it to be accessible only to Admins. Is there something in firebase rules like this?

Firebase Realtime Rules

{
  "rules": {
    ".read": false,
    ".write": false,
    "AdminsOnly":{
      ".read":"firestore.child('Users').child(auth.uid).child(isAdmin).val() == true"
    }
}
Solution

  • There is currently no way to access Firestore documents from within Realtime Database security rules. It's a valid scenario though, so I recommend filing a feature request for it.

    Until then, the only real option would be to mirror the relevant data from the Firestore documents in the Realtime Database (I'd use Cloud Functions for this) and then read it from there through the data, newData and root properties.