Develop Reference

How can give access to read but not write in firebase firestore settting rules

This is what I have in my rules setup but it does not allow me to view fetched data from firestore unless I'm logged in.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /Photos/{PhotoID}/{document=**} {
allow read, write: if request.auth.uid != null
}
}
}

The request.auth.uid != null will return false if a user requesting data is not logged in with Firebase Authentication. If you want anyone to to fetch data then the rule should be allow read: if true;.
I'm not sure about your use case here but it's best to allow users to read/write their own data only. For that you'll need to store their UID somewhere in the document.
Then rules in your questions apply for Photos collection and all of it's sub-collection as you are using a recursive wildcard.

You may visit there docs here
Basics of firebase security rules
In addition to #Dharmaraj answer:
The code you provided above helps you check if user is logged in, if logged in then it allows both read and write operation else disallows/denies the operation.
Then if you want a free access to your database such that it will not check whether logged in or not , remove the if condition and only end the command with semicolon[;],
But be careful because if you allow both read and write access without checking if user is authenticated or not, then you endanger your data to the entire world.
To allow only read access:
rules_version = '2';
service cloud.firestore {match /databases/{database}/documents
{
match/Photos/{PhotoID}/{document=**} {
allow read:if true;
allow write: if false;
}
}
}
To allow only write access:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match
/Photos/{PhotoID}/{document=**} {
allow read: if false;
allow write:if true;
}
}
}

Firebase Security Rules: Allow if user uid exists in a collection as a document

I am collecting my admin users uid's as documents in "admins" collection. I want to allow users to read if they have their uid's in that collection as a document.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /admins/{document=**} {
allow write; // Everyone should be able to write
allow read: if request.auth.uid == ; // Only read if /admins/{youruid}
}
}
}

You can use exists() to check if a document exists. Try refactoring your rules as shown below:
match /admins/{document=**} {
allow read: if exists(/databases/$(database)/documents/admins/$(request.auth.uid));
// Only read if /admins/{youruid}
}
You can read more about exists() in the documentation.

Firestore Security Rule for users with their own collection

What would be the best Firestore rules when users should only be able to read and write their own collections, i.e. the collection name is the same as the userId? Currently I have the following which works, but is it secure enough?
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{userId}/{document=**} {
allow read, write: if request.auth.uid != null;
}
}
}
I also tried the following which didn't work.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{userId}/{document=**} {
allow read, write: if request.auth.uid == userId;
}
}
}

The first rule is indeed not sufficient, since there is no check on the collection name: any authenticated user can read all the collections named with any users' uid.
The second one should work for your requirements ("Users should only be able to read and write their own collections, i.e. the collection name is the same as the userId"). You are probably having an error somewhere else, e.g. with the code for writing or reading or for authenticating the user. You should share this code in order we double check it

Retrieve a document in firebase

I have a database at firebase and I would like to retrieve a particular document which I know its name (will be called documentA) and also I have a working rule at server.
How can I get a single document which fullfil the security rules? I am trying with: val docRef = db.collection("cities").document("SF").get() but I don't know how to include user auth.
Database has a structure like this
cars
|
|-documentA
|-documentB
|-documentC
Security rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /cars/{carId} {
allow read, write: if request.auth.uid == resource.data.userId;
allow create: if request.auth.uid != null;
}
}
}

Firebase user authentication is included automatically for users who are signed in. Other than writing the code to signing in the user, there is no code you can write to add authentication manually. If your security rules require an authenticated user, you will have to arrange for that sign-in before the query is made.

Firestore: Error: Missing or insufficient permissions when trying to match userid to document id

My database is built in a way that each User has his own document in users collection, that document's id is equal to the users id, and inside the document there is a collection of Tasks for each user.
when i use:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth.uid != null;
}
}
}
Everything works and a logged in user (i only log-in users with google provider) is able to read and write to the database, in his own collection of tasks (haven't tried writing to another user's tasks, but i assume it is possible in the given situation). But i want to restrict the users to only be able to write and read their own tasks, i tried the following:
service cloud.firestore {
match /databases/{database}/documents {
match /users/{user} {
allow read, write: if request.auth.uid == resource.id;
}
}
}
But it does not work.
a scheme of my database:
database
any ideas?