Firebasecloud~30 mins

Why security rules protect data in Firebase - See It in Action

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Why Security Rules Protect Data in Firebase

📖 Scenario: You are building a simple Firebase database for a small community app. You want to make sure that only authorized users can read and write their own data. This project will help you understand how Firebase security rules protect your data from unauthorized access.

🎯 Goal: Build Firebase security rules that allow users to read and write only their own data in the database.

📋 What You'll Learn

Create a Firebase database structure with user data

Add a variable to identify the current user

Write security rules that allow read and write access only if the user is authenticated and accessing their own data

Complete the security rules to enforce data protection

💡 Why This Matters

🌍 Real World

Firebase security rules are essential to protect user data in real apps, preventing unauthorized access and data leaks.

💼 Career

Understanding and writing Firebase security rules is a key skill for cloud developers and backend engineers working with Firebase.

Progress0 / 4 steps

Create the Firebase database structure

Create a Firebase database structure called users where each user has a unique ID and a name field. Use this exact structure: users: { 'user123': { name: 'Alice' }, 'user456': { name: 'Bob' } }

Firebase

# Create the Firebase database structure with users and their names
# Your code here

Need a hint?

Think of users as a folder with files named by user IDs. Each file holds the user's name.

Add a variable for the current user ID

Add a variable called request.auth.uid that represents the current authenticated user's ID in Firebase security rules.

Firebase

users: {
  'user123': { name: 'Alice' },
  'user456': { name: 'Bob' }
}
// Add the variable request.auth.uid below
# Your code here

Need a hint?

This variable is used in Firebase rules to check who is making the request.

Write security rules for user data access

Write Firebase security rules that allow read and write access only if request.auth.uid matches the user ID in the database path. Use match /users/{userId} and check request.auth.uid == userId for both read and write.

Firebase

users: {
  'user123': { name: 'Alice' },
  'user456': { name: 'Bob' }
}

// Write security rules to allow read and write only if request.auth.uid == userId
// Your code here

Need a hint?

This rule means users can only access their own data when logged in.

Complete the security rules to protect data

Complete the Firebase security rules by adding the rules_version declaration and enclosing the rules inside service cloud.firestore with the correct database path. Ensure the rules protect the users collection as specified.

Firebase

// Complete the Firebase security rules with rules_version and service declaration
// Your code here

Need a hint?

These lines are required for Firebase to understand and enforce your rules.