I have a consultant working an app. The app uses Firebase db to do crud operations. While the project is heading to completion I want to ensure that the consultant does not have access to the firebase db. And he cannot access it via the application either.
Based on some research, I can remove the consultant access from Firebase but I am not clear on how to restrict him from running any operations using the code/google-services.json file.
Thanks
Related
An app developer has written some code for me that is hosted on Firebase. I want access to the code and so they have apparently given me admin access.
It's a simple question, but I can't figure out how to access the project. I log into the console:
I see how to "create a project", but I don't know how I can access an existing project. I'm assuming thinking about this whole thing in the wrong way somehow. I would appreciate any help.
You typically have two types of administrators in an app built on Firebase:
Project/Firebase administrators who access the project in the Firebase console, and can access the backend view of the services there. This is typically used by the developers on the project, and early administrators. To access the Firebase console, you will sign in with a Google account on console.firebase.google.com.
Application administrators, who use a custom-built interface to manage typical application operations, such as giving roles to users, upgrading accounts, etc. For this type of functionality, you will sign in to the custom built application with a Firebase Authentication account.
The email you got came from Firebase Authentication for an account that was created inside the project. There is no way for this account to be a Firebase administrator or even collaborator on the project, so it was more likely meant as an application administrator. This means that any functionality this allows you to access will have to have been built as part of the app itself, and not in the Firebase console.
updaterequest(messagemap) async {
await FirebaseFirestore.instance
.collection("mentor")
.doc("request")
.update(messagemap)
.catchError((e) {
print(e.toString());
});
}
This is a code used to update some value in your firebase collections. You can use get instead of update to retrieve data from firebase collection. There is also some function like add,remove,set it can be used instead of update command.
I am new to firestore database and I have developed an app in android studio accessing data from firestore database. My application has 2 types of user category 1. Admin 2. Users
I have implemented Mobile number authentication logic using API of sms service provider. I am not using google's firebase authentication. How should I write the rules for the firestore database I am unable to understand.
Admin --> can read and write to all collections
Users --> can read all collections but write only few collections
Can anyone guide me how can I achieve this.
I think a good place to start is here.
https://firebase.google.com/docs/firestore/security/get-started
We are developing a mobile application with a Firebase backend for a client organization. They want their organization's data hidden from the developer team. The firebase database is used by a flutter mobile application.
My current idea is to develop the app in an entirely different google account, and to swap configuration to clients google account when deploying, and deploy the cloud functions under their supervision. But there must be a easier way!
Can you guys suggest an elegant way to achieve this data privacy requirement of the clients?
What you want here is to utilize IAM roles in the project to restrict access. The client can own the project and grant limited access to the developers through roles that can be assigned.
They could give permission to deploy cloud functions without being able to read the entire Firestore database, as an example.
I'd recommend creating a second staging or "non-production" project that developers have full access to as well, since developing when you can't use the Firestore data viewer or have admin read access can be very difficult.
I have created/forked a lil Google Apps Script Library to manage Firebase Firestore and Firebase Remote Config called FirebaseGoogleAppsScript. The goal is to simply manage the contents of your collections in an apps script as well as update your remote config.
My issue is I can't get the a service account to do both.
Firebase creates two service accounts upon creating a project:
The first is listed in the Firebase Console -> Project Settings -> Service Accounts. This one I use within my cloud functions to retrieve the Remote Config just fine. However in the Apps Script Project it is unable to retrieve any data from firestore. I tried adding all kinds of roles including Owner and Editor yet no firestore data, but I still can get the RemoteConfig.
The second is only visible in the GCP service accounts and has the title: Firebase Admin SDK Service Agent with the roles Firebase Admin SDK Administrator Service Agent and Service Account Token Creator. This one is able to retrieve all the data from firestore within an Apps Script Project. However in the apps script project I can't get it to retrieve the RemoteConfig even if I add the role Firebase Remote Config Admin.
I have also made my own service account which was able to get the Remote config and just about everything else from Firebase except the Firestore data. Seems only the one service account created by Firebase is able to get any data.
To recreate the issue simply deploy my lil FirebaseGoogleAppsScript project and associate it to the same GCP project Firebase is connected to. There is a test file in it which can recreate the issue assuming you have some data in RemoteConfig and a collection called posts with some docs.
What the heck is going on here? Why can't I make a service account who can access Firestore and RemoteConfig? Any ideas on what to do to create a proper role to do both? Do I really have to use two separate service accounts?
I just deleted my flutter app from firebase console , but it is still working and changing data in the realtime database.
Can anyone tell me how its still connected with the firebase?
Thanks
According to Firebase documentation, when you delete an app:
Corresponding API keys or OAuth clients are NOT deleted. You can clean
up the API keys or OAuth clients in the Google APIs console
credentials page. Deleting these resources will break installed
applications: your users will no longer be able to authenticate or
sign in.
Access to the realtime database is not limited to apps that are registered in the Firebase console. Any code that has the proper configuration for your database, can try to access that database. If you want to be more selective in who can access the database, you will need to do this with Firebase's server-side security rules, typically in combination with Firebase Authentication.