Firebase Database Rules allow you to manage the read and write access permissions to your database. They also help you define how your data will be validated, such as whether it has valid datatype and format. If your rules allow, only then will read and write requests be completed. By default, your rules are set to allow only authenticated users with full read and write access to your database.
Firebase Database Rules have a JavaScript-like syntax and come in four types:
|
.read |
It determines whether data is allowed to be read by users and when. |
|
.write |
It determines whether data is allowed to be written by users and when. |
|
.validate |
It validates whether a value is correctly formatted, has child attributes, and its data type. |
|
.indexOn |
It determines whether an index exists on a child to support faster querying and ordering. |
You can access and set your rules from the Database || Rules tab in your Firebase Console:
There are three steps to Firebase Realtime Database security:
- Authentication of users
- Authorization of users - control access to data
- Validation of user inputs