
What would be the correct database rules to allow anybody to read the property names, but prevent people without auth from reading the content of the values? This is an order system, where I check if there are the same IDs before setting a property value. Or is there another way I can do this? Thank you.

Here is what I have figured out so far.

{
  "rules": {
    "orders": {
      ".read": true,
      ".write": true
    }
  }
}
Steven Tang

1 Answer

In the Firebase Database security model either you have access to an entire node, or you don't have access to it. You cannot give a user access to a subset of each node in a collection. See rules cascade in the documentation.

Typically you'll instead split the collection into two: one with the public part and one with the private parts.

{
  "rules": {
    "ordernames": {
      ".read": true
    },
    "orders": {
      ".read": "auth !== null"
    }
  }
}

Also see:

Frank van Puffelen
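
The cascade behaviour described in the answer above, as a simplified JavaScript model (an added example, not part of the original answer and not Firebase's own rule evaluator). The helper names `evalRule` and `canRead`, the `$orderId`/`details` nesting and the sample auth object are assumptions made for illustration.

```javascript
// Simplified model of Realtime Database read-rule cascading. Supports only
// booleans and the `auth != null` / `auth !== null` expressions from this page.
function evalRule(rule, auth) {
  if (typeof rule === "boolean") return rule;
  if (/^auth\s*!==?\s*null$/.test(rule)) return auth !== null;
  throw new Error("unsupported rule expression: " + rule);
}

// Walk from the root towards `path`. The first `.read` that evaluates to true
// grants the whole subtree; rules deeper down cannot take that access away.
function canRead(rules, path, auth) {
  let node = rules.rules;
  if (".read" in node && evalRule(node[".read"], auth)) return true;
  for (const key of path.split("/").filter(Boolean)) {
    // A "$name" child matches any key that has no literal rule of its own.
    const wildcard = Object.keys(node).find((k) => k.startsWith("$"));
    node = node[key] ?? (wildcard && node[wildcard]);
    if (node === undefined) return false; // no rule on the path: denied
    if (".read" in node && evalRule(node[".read"], auth)) return true;
  }
  return false;
}

// Hypothetical attempt to protect values below a publicly readable node.
const nestedAttempt = { rules: { orders: {
  ".read": true,
  "$orderId": { details: { ".read": "auth !== null" } },
} } };

// The split from the answer: public names, private order content.
const splitRules = { rules: {
  ordernames: { ".read": true },
  orders: { ".read": "auth !== null" },
} };

const anonymous = null;             // unauthenticated client
const signedIn = { uid: "user-1" }; // constructed sample auth object

// The nested rule is never consulted: access was already granted at /orders.
console.log(canRead(nestedAttempt, "orders/o1/details", anonymous));
console.log(canRead(splitRules, "ordernames/o1", anonymous));
console.log(canRead(splitRules, "orders/o1", anonymous));
console.log(canRead(splitRules, "orders/o1", signedIn));
```
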