I would like to use data in the realtime database to allow user access in the firestore database. Is it possible to reference nodes in the realtime database from the firestore security rules?
It is currently not possible to cross between database products like this in security rules. Please feel free to file a feature request for this.
You can, however, write code to run on Cloud Functions that deals with database changes after the change has happened, and undo or restrict the change there.
Related
I have my mobile app connected to Firebase realtime database with read access to everyone (read = true).
Will this be a problem in the future since you pay for what you use and users can do a lot of searches in there?
What can I do to protect this from happening and not go over "the budget"?
Thanks!
Firebase Realtime Database Security Rules determine who has read and write access to your database, how your data is structured, and what indexes exist. These rules live on the Firebase servers and are enforced automatically at all times. Every read and write request will only be completed if your rules allow it. By default, your rules do not allow anyone access to your database. This is to protect your database from abuse until you have time to customize your rules or set up authentication.
I'm trying to install the Firebase Delete User Data extension. I only use Firestore so I don't need Realtime Database but to configure the extension, an instance of the realtime database is required.
I have the realtime database disabled. In order to finish the installation of the extension I have put the name of my firebase project to test.
Question: What instance do I really have to introduce if I don't use the realtime database?
Thanks in advance.
Hmm... that looks like something they should change in the extension, so I recommend filing a report on the [Github repo](https://github.com/firebase/extensions.
For the moment, you'll have to create a Realtime Database instance in the console, and then select it here. You can select completely disabled security rules for the database, to ensure nobody can write data to it from the client-side SDKs.
I have migrated data to firebase storage, which have structure like:
<fileId>/<filename>
I can store fileIds associated with user in firebase database like:
<userId>/<fileids>
Is there anyway I can get something like auth.uid/fileids from firebase database in security rules of firestorage, to only allow to read file to auth user, if fileIds belong to him. If not, what all options are available to achieve the same and which one is best among them?
It's currently not possible to use data from databases in your Cloud Storage security rules. You can only use information about the object stored in the bucket.
You could instead write a backend API that performs all the checks and then operates on the object in storage, or store information about the file in its metadata for use in rules.
I was wonder is there any rules I need to follow in Firebase Realtime Database like in a normal table-style database? It is my first time using document-styled database. Is it I can structure my table on my own as long as there is no problem in retrieve and save data? Thanks in advance for everybody who guides me. :)
The Firebase Realtime Database is a schemaless database. By default you can store any valid JSON data in it.
You can however control what data can be written by clients, by using Firebase's server-side security rules. These allow you to declaratively control both who can read/write data, and what data they can write.
For more on this, see:
the overview documentation on Firebase's security rules
the detailed documentation on security rules for the Realtime Database
this video on security rules, which is the first in a new series.
I had already saved all data like users or rooms contents on Firebase Database. Now I want to move all posts to Cloud Firestore for better queries.
But,
Can I take conditions from Realtime Database?
I mean all users data are in realtime database. So I want to get some informations from there, then decide whether it's accessible or not.
The security rule systems are different between Realtime Database and Firestore. There is currently no easy to way to simply copy from one to the other, or to make one recognize the other. If you're porting your data to Firestore, you'll have to write new rules by hand that functionally match the ones you were using in Realtime Database.
No, this isn't functionality that exists. You'll need to have migrated the data that the rules depend upon to Cloud Firestore first.