0
0
Firebasecloud~10 mins

Rule syntax and structure in Firebase - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Rule syntax and structure
Start: Define rules block
Specify service (e.g., firestore)
Define match path (document or collection)
Set allow conditions (read, write)
Use expressions to check auth, data
Return true or false
End of rule block
This flow shows how Firebase security rules are structured: start with a rules block, specify the service, match data paths, set allow conditions, and return true or false to permit or deny access.
Execution Sample
Firebase
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId} {
      allow read, write: if request.auth.uid == userId;
    }
  }
}
This rule allows users to read and write only their own user document based on matching userId with their authentication ID.
Process Table
StepRule PartActionEvaluationResult
1rules_version = '2'Set rules versionVersion set to 2Success
2service cloud.firestoreSpecify Firestore serviceService identifiedSuccess
3match /databases/{database}/documentsMatch all documents in databaseWildcard {database} captures database nameSuccess
4match /users/{userId}Match user documentsWildcard {userId} captures user IDSuccess
5allow read, write: if request.auth.uid == userIdCheck if authenticated user ID equals userId in pathIf equal, allow accessAccess granted if true, denied if false
6End of rulesNo more rules to evaluateEvaluation completeRules applied
💡 Rules evaluation ends after checking all defined matches and conditions.
Status Tracker
VariableStartAfter Step 4After Step 5Final
rules_versionundefinedundefined'2''2'
serviceundefined'cloud.firestore''cloud.firestore''cloud.firestore'
databaseundefinedcaptured from pathcaptured from pathcaptured from path
userIdundefinedcaptured from pathcaptured from pathcaptured from path
request.auth.uidundefinedundefinedprovided by user authprovided by user auth
allowundefinedundefinedtrue if request.auth.uid == userIdtrue or false
Key Moments - 3 Insights
Why do we use wildcards like {userId} in match paths?
Wildcards capture parts of the path dynamically, allowing rules to apply to many documents without writing separate rules for each. See execution_table step 4 where {userId} captures the user ID.
What happens if the condition in 'allow' is false?
Access is denied if the condition evaluates to false. In execution_table step 5, if request.auth.uid does not equal userId, the rule returns false and denies access.
Can rules apply to multiple operations at once?
Yes, you can specify multiple operations like 'read, write' together in one allow statement, as shown in execution_table step 5.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table step 5, what condition must be true to allow access?
Arequest.auth.uid equals userId
Brequest.auth.uid is undefined
CuserId is empty
Drequest.auth.uid is different from userId
💡 Hint
Check the 'Evaluation' column in step 5 of execution_table.
At which step does the rule capture the userId from the document path?
AStep 2
BStep 3
CStep 4
DStep 5
💡 Hint
Look for 'Wildcard {userId} captures user ID' in execution_table.
If we remove 'write' from the allow statement, what changes in the rule behavior?
AUsers can only write their documents
BUsers can only read their documents
CUsers can read and write their documents
DUsers cannot read or write their documents
💡 Hint
Refer to the 'allow read, write' part in execution_sample and think about removing 'write'.
Concept Snapshot
Firebase rules start with a version and service declaration.
Use match blocks with wildcards to specify document paths.
Allow statements define read/write permissions with conditions.
Conditions use request.auth and path variables.
Rules return true to allow or false to deny access.
Full Transcript
Firebase security rules control access to your database. You start by setting the rules version and specifying the service, like Firestore. Then you define match blocks that point to document paths, using wildcards to capture dynamic parts like user IDs. Inside these matches, you write allow statements that say when read or write is allowed. These statements use conditions comparing the authenticated user's ID to the document's userId. If the condition is true, access is granted; otherwise, it is denied. This structure helps keep your data safe by ensuring users can only access their own documents.