Firebasecloud~30 mins

Storage security rules in Firebase - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Firebase Storage Security Rules Setup

📖 Scenario: You are building a simple app where users can upload and view their own photos securely. You want to make sure that each user can only upload and read their own files in Firebase Storage.

🎯 Goal: Create Firebase Storage security rules that allow authenticated users to read and write only their own files under their user ID folder.

📋 What You'll Learn

Create a variable to represent the user's ID in the path

Add a condition to allow read and write only if the user is authenticated

Add a condition to allow access only to files under the user's own folder

Complete the Firebase Storage rules with proper match and allow statements

💡 Why This Matters

🌍 Real World

Securing user files in Firebase Storage is essential for apps that handle personal data like photos or documents.

💼 Career

Understanding and writing Firebase Storage security rules is a key skill for cloud developers and backend engineers working with Firebase.

Progress0 / 4 steps

Define the user ID variable in the path

Create a match block for the path /user_uploads/{userId}/{allPaths=**} and define the variable userId to represent the user folder.

Firebase

service firebase.storage {
  match /b/{bucket}/o {
    // Your code here
  }
}

Need a hint?

Use match to specify the folder path with {userId} as a variable.

Add authentication check

Inside the match /user_uploads/{userId}/{allPaths=**} block, add the allow read, write rule with the condition request.auth != null && request.auth.uid == userId.

Firebase

service firebase.storage {
  match /b/{bucket}/o {
    match /user_uploads/{userId}/{allPaths=**} {
      // Your code here
    }
  }
}

Need a hint?

Use request.auth != null to check authentication and compare request.auth.uid with userId.

Add read and write rules for user files

Write the allow read, write rule inside the match /user_uploads/{userId}/{allPaths=**} block that permits access only if the user is authenticated and their UID matches userId.

Firebase

service firebase.storage {
  match /b/{bucket}/o {
    match /user_uploads/{userId}/{allPaths=**} {
      // Your code here
    }
  }
}

Need a hint?

This rule ensures only the authenticated user can access their own files.

Complete the Firebase Storage security rules

Ensure the entire Firebase Storage security rules file includes the service firebase.storage declaration, the match /b/{bucket}/o block, and the match /user_uploads/{userId}/{allPaths=**} block with the allow read, write rule as specified.

Firebase

service firebase.storage {
  match /b/{bucket}/o {
    match /user_uploads/{userId}/{allPaths=**} {
      // Your code here
    }
  }
}

Need a hint?

Check that all parts of the rules file are present and correctly structured.