The Firebase Realtime Database provides a flexible, expression-based rules language with JavaScript-like syntax to easily define how your data should be structured, how it should be indexed, and when your data can be read from and written to. Combined with our authentication services, you can define who has access to what data and protect your users' personal information from unauthorized access.
Configuring rules
You can find and change the rules for your database in the Firebase console. Simply choose your project, click on the Database section on the left, and then select the Rules tab. If you would like to test your security rules before putting them into production, you can simulate operations in the console using the Simulate button in the upper right of the rules editor.
You can also update your rules using our Command Line Interface. This is especially useful if you want to update your rules programmatically, such as from an automated deployment system.
Sample rules
By default, your database rules require Firebase Authentication and grant full read and write permissions only to authenticated users. The default rules ensure your database isn't accessible by just anyone before you get a chance to configure it. Once you're set up, you can customize your rules to your needs. Here are some common examples:
Here's an example of a rule that gives each authenticated user a personal node at /users/$user_id, where $user_id is the ID of the user obtained through Authentication (the rules below capture it in the $uid wildcard). This is a common scenario for apps that have data private to a user.
// These rules grant access to a node matching the authenticated
// user's ID from the Firebase auth token
{
  "rules": {
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}
It is essential that you configure these rules correctly before launching your app to ensure that your users can only access the data that they are supposed to.
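To see which requests the per-user rules above let through, here is a simplified model of rule evaluation, added as an example for this page; it is not Firebase's rules engine or code from the Firebase project. The helpers `evalRule` and `isAllowed` and the user IDs are hypothetical, and the model handles only `.read`/`.write` expressions over `auth` and `$` wildcards.

```javascript
// Simplified model (not Firebase's engine): a grant at any node on the path
// cascades to its children, and a path that no rule grants is denied.
const rules = {
  rules: {
    users: {
      $uid: {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid",
      },
    },
  },
};

// Evaluate one rule expression with `auth` and the captured wildcards in scope.
function evalRule(expr, vars, auth) {
  const names = Object.keys(vars);
  try {
    const fn = new Function("auth", ...names, `return (${expr});`);
    return fn(auth, ...names.map((n) => vars[n])) === true;
  } catch (e) {
    return false; // modelling assumption: an expression that errors grants nothing
  }
}

// Walk from the root to `path`; allow as soon as one rule on the way is true.
function isAllowed(ruleSet, op, path, auth) {
  let node = ruleSet.rules;
  const vars = {};
  const segments = path.split("/").filter(Boolean);
  for (let i = 0; ; i++) {
    if (node && typeof node[op] === "string" && evalRule(node[op], vars, auth)) return true;
    if (i === segments.length || !node) return false;
    const seg = segments[i];
    if (!seg.startsWith(".") && Object.prototype.hasOwnProperty.call(node, seg)) {
      node = node[seg]; // literal child such as "users"
    } else {
      const wild = Object.keys(node).find((k) => k.startsWith("$"));
      if (wild) vars[wild] = seg; // bind e.g. $uid to the path segment
      node = wild ? node[wild] : null;
    }
  }
}

// Constructed sample requests: owner, another user, and a signed-out client.
console.log(isAllowed(rules, ".read", "/users/alice", { uid: "alice" }));
console.log(isAllowed(rules, ".write", "/users/alice", { uid: "bob" }));
console.log(isAllowed(rules, ".read", "/users/alice", null));
```

In this model, reading the whole /users list is denied even for a signed-in user because no rule at that level grants it, while anything beneath /users/alice is readable by alice through the cascade.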
Next steps
- Learn more about securing your data using security rules.
- Learn more about specifying indexes using rules.