I have an app that uses Firebase and I have a few people that need to be able to update data in the Firebase Dashboard. Luckily, Firebase added the feature to add collaborators. But the problem is, I don't want these collaborators to have access to every node of the JSON. Is there a way that I can assign collaborators specific access to certain nodes of the data structure or no?
Any feedback would be great. Thanks!
Collaborators on the Firebase project/app have access to all data. There is no way to limit that.
It sounds like you are looking to add application administrator. For this you'll have to develop your own application dashboard, where you add such functionality. These application administrators are then just regular users of your app and you can use Firebase security rules to determine what data they have access to.
Very similar: Stopping accidental deletion of a firebase DB via Firebase Dashboard
Related
I have a Firebase Realtime Database that I connect to from my Java application using the Admin SDK.
In my project I have multiple databases, but for administrative reasons, I want to create separate service accounts for each one. In other words, I want the service account to have full database access, but only to one particular database.
I was hoping this could be done through Google Cloud IAM but I am having trouble finding how. I tried adding giving the service account "Firebase Realtime Database Admin" permission but with a condition of Name = //mydbname.firebaseio.com but that doesn't work. That is, my Java backend is not able to connect to the database with that condition in place.
Am I on the right track, just using the wrong name? Is there a better way to do this? Thanks.
firebaser here
There currently is no way to do control access per database instance through IAM. It sounds like a reasonable feature though, so I recommend filing a feature request for it.
The best I can think of for now is to authenticate with limited privileges when you initialize the Admin SDK and then check that identity in the security rules of each instance, but that means that the code could also choose to not pass a UID, which may be exactly what you're trying to avoid.
I am building a PWA (Web-App) and would like my client to be able to enter data such as new events into the Cloud Firestore, without me having to create a UI (ie. using the Firebase Console with permissions to only edit a collection).
It would also be alright to just grant permission to the whole Firestore for this user (as it's his data). I'm thinking of something like phpMyAdmin.
Would the user need a gmail-Account? I found something in the Project Settings (Users and Permissions - IAM).
Unfortunately this isn't possible in the Firebase or Google Cloud console. A user either has edit permission on Firestore as a whole, or they don't.
The console is focused on developers, and not a great fit for the type of use-case you're describing. The most common approach to such a use-case is to write a custom admin app for these users. If you don't feel like that, look at some of the existing admin panels or content management systems that build on top of Firebase out there.
I have an Flutter app that use Firebase as backend. Initially, a Firebase project and a collection is created to store data from different customers using the app. A key field "Customer" is use to separate the data among different users in the big pool.
In order to enhance the security and customise the billing incure in Firebase, I would like to separate different customer with their own Firebase account/project/database setup, the process is:
Whenever a new customer install the app and run it at the first time, the app will ask the customer to create his/her firebase account and then pass the account information to the app. Then, the app can consume the customer specific firebase for their private data storage.
Is there any experts can give me a hints how can I achieve this?
Thank you!
To programmatically create a project you can use this GCP create API and then link it to Firebase with this API. But they'd need an existing account already.
Alternatively you can have them create the account and project on their own through the console, and then use the list API to get a list of projects, have them pick one, and get the project config.
All of these are pretty raw APIs though, so you'll have to play around a bit to get the calls exactly right. Many of the REST APIs will have an API explorer link, which is typically helpful in figuring it out.
I have a Firebase app, and I want to know if it's possible to restrict a Firebase Console user to access only to the "Authorizations" tab. (to CRUD users). The access must be by the Firebase (regular) Web Console
Especially, I don't want the user to see the database data via the web console. Is that possible? I've managed to give him access to the entire project, and he can do anything I can do (is an Admin).
I haven't found nothing about this in the docs / searching.
firebaser here
Collaborators on a project currently have access to the entire Firebase Console. You can limit to having read-only access, but you currently can't limit what panels they have access to.
We've heard the request before and know this would expand the usefulness of the Firebase Console. I recommend that your file a feature request, to add your vote.
I have a Firebase app, and I want to know if it's possible to restrict a Firebase Console user to access only to the "Authorizations" tab. (to CRUD users). The access must be by the Firebase (regular) Web Console
Especially, I don't want the user to see the database data via the web console. Is that possible? I've managed to give him access to the entire project, and he can do anything I can do (is an Admin).
I haven't found nothing about this in the docs / searching.
firebaser here
Collaborators on a project currently have access to the entire Firebase Console. You can limit to having read-only access, but you currently can't limit what panels they have access to.
We've heard the request before and know this would expand the usefulness of the Firebase Console. I recommend that your file a feature request, to add your vote.