Search⌘ K
AI Features
Home
Courses
Full-Stack Web Applications with Firebase

Cloud Firestore Security

Explore how to implement Firestore security rules to ensure each signed-in user can only access their own to-do list. Understand rule matching, wildcards, and authorization logic to keep user data secure in your applications.

We'll cover the following...

Change Your Rules #

For your to-do list, we can set our rules like you see below so that the user who is signed in only has read and write access to their specific list of to-do items.

XML
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /to-do-lists/{listUID}/{document=**}{
     allow read, write: if request.auth.uid == listUID
    }
  }
}

Let’s Break This Down #

Match the Database

...