I have created a demo realtime database on firebase console. There is no data in it yet. I want to deactivate & delete this demo realtime database, but don't know how.
The Disable button is grey, indicating I need to remove data before disabling. But I cannot find the data anywhere.
Check if this post is usefull.
It seems that all you have to do is set these rules in the rules tab of your database:
{
"rules": {
".read": false,
".write": false
}
}
Related
I updateProfile with a display name. I then try to access this display name in the database security rules. But the displayName on the database is not updated.
This is using Firebase realtime DB with Flutter.
Code:
await referencedData.firebaseAuth.currentUser.updateProfile(
displayName: 'gameName' //that only the players know about
);
In my rules I have:
".write": "!data.exists() ||
auth.displayName == data.child('gamename').val()",
//rules meaning no data exists, so owner can create a new game or
//game name already set in database, I know this gamename, and it is in display name, so I can write and delete
I have spent 3 days or more searching for documentation or examples. Any ideas on where to look?
All properties are available under auth.token, and the display name is available under auth.token.name.
So:
".write": "!data.exists() ||
auth.token.name == data.child('gamename').val()",
Also see the Firebase reference documentation for auth.token.
I am using the firebase for store some users data. So now i want to delete old data with check 'last_ubdated' time < 5 min. please help for create the firebase rule for this. below is my data structure.
I have created the rule, but its not working properly.(code is below)
{ "rules": {
".read": true,
".write": true,
"$drivers":{
".indexOn": ["driverId"],
".write": "newData.exists() || data.child('last_updated').val() > (now)",
} } }
Firebase security rules can't change any data after it's been added. They only take effect at the time data is read or written by the client. If you want to arrange to delete something on a schedule, you will need another solution.
See also: Cloud Functions for Firebase trigger on time?
As Doug said, security rules can't change the data. They merely affect what (read and write) operations are allowed.
An alternative would be to use a query to only request nodes that have not expired, and then use security rules to ensure only that query is allowed. For an example of that, see my answer here: How to make data unreadable once the time indicated on its time stamp has passed?
I have 2 questions related to firebase realtime database.
Q1) Is it possible to hide a certain node from public and only one person have access to that node ?
( I want to save a transaction key in database and only 1-2 persons can access that key from database. )
Q2) If my security rules for database are set to public, can anyone download/access complete data or they must know the structure in order to access data from database.
A1/ Yes it is possible to limit access to a certain node to a only subset of users. There are several approaches for that. If it is a small and more or less stable subset of users, you can check if their uid is contained in a specific node listing the admin users uids, as shown below:
{
"rules": {
"secretnode": {
//only an admin user can read
".read": "auth != null && root.child('adminusers/' + auth.uid).exists()"
},
"adminusers": {
".read": false,
".write": false
},
"othernodes": {
".read": true,
".write": true
}
}
}
And, for example, in the database you save the admin uids as follows:
DBRoot
- adminusers
- uid1
- name: "aaaaaa"
- otherDataItem: "xxxxxx"
- uid2
- name: "bbbbb"
- otherDataItem: "yyyy"
A2/ Yes, if your security rules for database root are set to public, "anyone (can) download/access complete data". Note that, as explained in the documentation:
Shallower security rules override rules at deeper paths. Child rules
can only grant additional privileges to what parent nodes have already
declared. They cannot revoke a read or write privilege.
In other words, this means that if your security rules for the database root are set to public anyone can download the full JSON tree representing your data, without the need to know its structure.
This question already has an answer here:
does the firebase database online editor ignore security rules
(1 answer)
Closed 5 years ago.
Overview
When using the Realtime Database in Firebase, I am able to edit and bypass rules. I see how this is convenient in some cases, but I would like to apply rules to manually submitted data as well.
Example
Here's the most simple write rule to disable writes anywhere. With the rule simulator, I am not able to write, as expected.
However, even once I've saved the rule, I can still write in my database.
Today is my first day using Firebase rules. Am I confused about rules or is there no option to disable bypassing rules in the manual editor?
You will be able to write to the database manually from the console(no there is no option), but using the rules above ".write": "false", it means that the end user wont be able to write to the database.
The person adding manually to the database, is usually the admin. That is why even if it is write:false it will still add to the database.
But if for example you have this:
Class
randomid
Keys:values
Then the user that will create the class in his phone won't be able to send data to the database since write:false
Even if you have this:
{
"rules": {
".read": "false",
".write": "false",
}
}
You will still be able to see the data in the console, but the end user won't be able to read or write to the database.
Remove the last comma.
{
"rules": {
".read": "false",
".write": "false"
}
}
and publish changes, than test.
Note that you can add values anyway, because you own that database and use it from console. If you use it from a SDK (Android, iOs, Node, etc), you won't be able to write data.
I am trying to secure my firebase database to allow the creation of new records, but not allow the deletion of existing records. Ultimately, I plan to utilise Firebase authentication in my app as well, and allow users to update existing records if they are the author, but I am trying to get the simple case working first.
However! No matter what I try in the database rules simulator, despite what the documentation seems to suggest, the value of data.exists() seems to always be true. From what I what I can understand from the documentation, the variable data represents a record in the database as it did before an operation took-place. That is to say, for creates, data would not exist, and for updates/deletes, data would refer to a real record that exists in the database. This does not seem to be the case, to the point where I am actually suspecting a bug in Firebase, as when setting the following rules on my database, all write operations are disallowed:
{
"rules": {
".read": true,
".write": "!data.exists()"
}
}
No matter what values I put into the simulator, be it Location or Data. I have even written a small EmberJS app to verify if the Simulator is telling the truth and it too, is denied permission for all write operations.
I really have no idea where to go from here as I am pretty much out of things to try. I tried deleting all records from my database, which lets the simulator think it can perform write operations, but my test app still gets PERMISSION_DENIED, so I don't know what's causing inconsistencies there.
Is my understanding of the predefined data variable correct? If so, why can't I write the rules I want? I have seen snippets literally trying to achieve my "create only, no-delete" rule that seem to line up with my understanding.
Last note: I am trying this in a totally new Firebase project with JUST the rules above, and only ~a few records of junk data laying around my database.
Because you have placed the !data.exists() at the root location of your database, data refers to the entire database. You will only be able to write to the database when it is completely empty.
You indicate that you run your tests with only a few records of junk data laying around my database. Those records will cause data.exists() to be true.
You can achieve your goal by placing the !data.exists() rule in your tree at the specific location where you want to require that no data already exists. This is typically done at a location with a wildcard key, as in the example you linked:
{
"rules": {
// default rules are false if not specified
"posts": {
".read": true, // everyone can read all posts
"$postId": {
// a new post can be created if it does not exist
// existing posts can only be edited by their original "author"
".write": "!data.exists() && newData.exists() || data.child('author').val() == auth.uid",
".validate": "newData.hasChildren(['title', 'author', 'timestamp'])",
}
}
}
}