39

I have a page that is calling addCheckin() method which is inside a controller. In the controller, I am trying to create a reference as follows:

var ref = firebase.database().ref("users/" + $scope.whichuser + "/meetings/" +$scope.whichmeeting + "/checkins");

$scope.whichuser and $scope.whichmeeting are the $routeParams that I am passing from another route. Here's my checkin controller-

myApp.controller("CheckinsController",
    ['$scope','$rootScope','$firebaseArray','$routeParams','$firebaseObject',
    function($scope,$rootScope,$firebaseArray,$routeParams,$firebaseObject){

        $scope.whichuser = $routeParams.uid;
        $scope.whichmeeting = $routeParams.mid;

        var ref = firebase.database().ref("users/" + $scope.whichuser + "/meetings/" +$scope.whichmeeting + "/checkins");

        $scope.addCheckin = function(){
            var checkinInfo = $firebaseArray(ref);
            var data={
                firstname:$scope.firstname,
                lastname:$scope.lastname,
                email:$scope.email,
                date:firebase.database.ServerValue.TIMESTAMP
            }

            checkinInfo.$add(data);
        }

}]);/*controller*/

There are two errors that I am getting here-

Error 1:

Error: permission_denied at /users/Vp2P1MqKm7ckXqV2Uy3OzTnn6bB3/meetings: Client doesn't have permission to access the desired data.

Error 2:

Error: permission_denied at /users/Vp2P1MqKm7ckXqV2Uy3OzTnn6bB3/meetings/-KT5tqMYKXsFssmcRLm6/checkins: Client doesn't have permission to access the desired data.

And this is what I am tring to achieve-

enter image description here

Aakash Thakur
  • 3,837
  • 10
  • 33
  • 64
  • 3
    Please add your firebase rules to your question. Those are actually causing the permission denied errors. – André Kool Oct 04 '16 at 11:58
  • 3
    In addition to giving the rules. You've included a picture of the JSON tree in your question. Please replace that with the actual JSON as text, which you can easily get by clicking the Export button in your Firebase Database console. Having the JSON as text makes it searchable, allows us to easily use it to test with your actual data and use it in our answer and in general is just a Good Thing to do. – Frank van Puffelen Oct 04 '16 at 14:44
  • `{ "rules": { ".read": true, ".write": true } }` @AndréKool – Aakash Thakur Oct 04 '16 at 15:24

12 Answers12

44

Go to Firebase console of your app

Select Database From Side Menu --> Select Rule From tabs above --> Update your rule like this 

{
    "rules": {    
        ".read": true,
        ".write": true
    }
}

hope it solve your problem . thanks :)

Ujjwal kaushik
  • 1,618
  • 11
  • 17
  • 71
    While this will remove the error, it will make the database readable and writeable to the world. It'd be nice if you include a warning to that effect when making this recommendation. – Frank van Puffelen Oct 04 '16 at 14:44
  • Errors went away. But still nothing gets stored in the database. @ujjwal – Aakash Thakur Oct 04 '16 at 15:22
  • @Akash You are using add function , rather you should be using update .. In this case of yours .. this is multi path update – Ujjwal kaushik Oct 04 '16 at 15:31
  • But there is no such method as `update` in `firebaseArray` documentation. @Ujjwalkaushik – Aakash Thakur Oct 04 '16 at 17:29
  • Worked for me :) – Naveen Kumar V Feb 23 '18 at 16:14
  • 2
    In case anyone else gets confused (or maybe it's just 2am..), The Firebase 'Realtime Database' and the new 'Cloud Firestore [Beta]' services are completely separate entities with different APIs. The equivalent rules for 'Cloud Firestore' can be found [here](https://firebase.google.com/docs/firestore/security/get-started?authuser=0'). In my case I had this configured correctly, but was attempting to use the 'Realtime Database' API where I hadn't adjusted the corresponding rules. – Visualise Jun 29 '18 at 14:28
  • @Visualise Indeed it is 2.00 AM. Thanks a lot for the comment. I was rolling my head all over and going crazy to understand what the issue was. I was trying to access the 'cloud firestore' but in fact I wanted to use the 'realtime database'. – ExpectoPatronum Sep 05 '18 at 21:33
  • Anyone with your database URL will access your data by this method. Please don't use this. This isn't the solution to your problem – Vikas NS Oct 18 '18 at 15:19
  • Can't believe this is the most voted answer, this is a crucial security issue! – mrvnklm Dec 20 '19 at 05:14
14

Firebase project by default starts with Firestore as database.

This issue can happen if the application uses "Firebase Realtime Database" and permission for it are not configured. Read and write permission for Firebase Realtime Database should be explicitly granted.

To do so, in Firebase console, Database > Pick "Realtime Database" instead of "Firestore Beta" from the dropdown beside Database > Rules > Set 

{
/* Visit https://firebase.google.com/docs/database/security to learn more about security rules. */
"rules": {
".read": true,
".write": true
}
}

Hope that help!

kundan
  • 1,278
  • 14
  • 27
  • thanks that helps { /* Visit https://firebase.google.com/docs/database/security to learn more about security rules. */ "rules": { ".read": true, ".write": true } } – chia yongkang Jan 01 '20 at 11:36
  • "Firebase project by default starts with Firestore as database." is not applicable if you direct link to the database url example: databaseURL: "https://project-xyz.firebaseio.com", – Spencer Shattuck Oct 19 '20 at 22:25
10

As all provided answers include a security issue where everyone could write / delete entries in your database, which for instance could cause extensive costs and or complete loss of data, when used in a bad way.

Of course you need to use firebase authentication features to use those rules, but preventing write access for anonymous should be default. The following rule provides read access to everyone while keeping security.

{
    "rules": {
        ".read": true,
        ".write": "auth.uid != null"
    }
}
mrvnklm
  • 1,348
  • 2
  • 10
  • 19
6

None of these answers provide the most secure way to set up the Realtime Database.

  • You don't want anyone to randomly access or write to your database
  • Even if the user is authenticated, you don't want them to access other's data

This rule should address all the cases:

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}
Nirmal
  • 9,391
  • 11
  • 57
  • 81
3

Please register your self in firebase by using the below code

Firebase.auth()
            .createUserWithEmailAndPassword(email, password)
            .then((data) => console.log(data))
            .catch(error => console.log(error))

and authenticate your self using registered email and password by below code

Firebase.auth()
           .signInWithEmailAndPassword(email, password)
           .then((data) => console.log(data))
           .catch(error => console.log(error))

With the below rules in your real time database

{
   "rules": {
    ".read": "auth != null",
    ".write": "auth != null"    
    }
}

Then automatically you will be able to access the data from the real time database

var ref = firebase.database().ref("users");
ref.on("value", function(snapshot) {
 snapshot.forEach(function(childSnapshot) {
  var childData = childSnapshot.val();
  var id=childData.id;
  console.log(childData);
 });
});

While logging out add the below command to logout of the app

Firebase.auth().signOut()
Srinivas Srini
  • 87
  • 2
1

In order to grant access to all authenticated users, go to database rules tab in firebase web console and copy/paste following rules: 

{
   "rules": {
    ".read": "auth != null",
    ".write": "auth != null"    
    }
}
adrian.krzysztofek
  • 889
  • 6
  • 21
0

It appears that the /users/{uid} routes can be written to but they can not be read from. I changed /users to /userx and it immediately began working.

Nate Bunney
  • 2,418
  • 2
  • 22
  • 31
0

I hope this can help you.

{
    ".read": true,
    ".write": "auth !== null && root.child('users').child(auth.uid).child('meetings').val() ===  true"
}

You can remove the string && root.child('users').child(auth.uid).child('meetings').val() === true"

and the result is the same.

niksolaz
  • 102
  • 10
0

You can also specify the time, till that you wanna allow like this:

Select Database From Side Menu --> Select Rule From tabs above --> Update your rule like this

{
  "rules": {
    ".read": "now < 1672384350000",  // 2022-12-30
    ".write": "now < 1672384350000",  // 2022-12-30
  }
}
ShoaibShebi
  • 59
  • 1
  • 5
0

In My case it was just firebase options not configured in flutter so I just hand to do flutterfire configure

if you do not have flutterfire cli already setup set that up from here

Mahi Tej Gvp
  • 984
  • 1
  • 14
  • 34
0

rules: {".read": "auth != null", ".write": "auth != null"}

Vivek Yadav Official
  • 3
  • 4
  • 2
    As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Aug 25 '23 at 23:51
-1

If someone still get the Error: permission_denied after allowing correct read rights and are fetching data with some kind of firebase npm package; it could be because you're trying to read from Realtime Database instead of the Cloud Firestore.

I was using react-redux-firebase npm package for a quick and easy setup. By default it uses the Realtime Database. If you're using Cloud Firestore you need to state that in the config with useFirestoreForProfile set to true.

import { ReactReduxFirebaseProvider } from 'react-redux-firebase';

const store = configureStore();
const rrfProps = {
  firebase,
  config: { 
    userProfile: 'users', 
    useFirestoreForProfile: true  // Firestore for Profile instead of Realtime DB
  },
  dispatch: store.dispatch,
  createFirestoreInstance,
};

Probably similar issues with other packages for firebase, like flamelink that support Realtime Database but not Cloud Firestore as stated in this issue.

Calsal
  • 1,375
  • 14
  • 25