2

I cannot set value to my Firebase Database using setValue(). In logs it returns me setValue at ... Permission denied. I checked my rules:

{
  "rules": {
    ".read": "auth == null",
    ".write": "auth == null"
  }
}
Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Asset Bekbossynov
  • 337
  • 3
  • 5
  • 16
  • Your current rules require that the user is not authenticated. More likely you want to use `".write": true`, which allows any user to write no matter if they're authenticated or not. – Frank van Puffelen Jun 28 '17 at 14:04

2 Answers2

1

Try changing your rules to the following and it'll work.

{
  "rules": {
    ".read": true,
    ".write": true
  }
}

As per Frank van Puffelen's comment your rules require the user is not authenticated.

You can read more about the authentication rules here for other options if you need more secure authentication

Hope this helps you

Marcos Placona
  • 21,468
  • 11
  • 68
  • 93
  • Thank you, it works. However before I could get data from same database data with my rules. My question is why now it requires to change rules? Does it depends on user registration?? Because now I am registering users into authorization? Please can you answer – Asset Bekbossynov Jun 28 '17 at 14:13
  • With the permissions above, you're saying anyone can read and write from this database without any authentication whatsoever (regardless if they are authenticated). With your previous code, you're saying the must not be authenticated. I.e. authenticated users can't do anything – Marcos Placona Jun 28 '17 at 14:29
0

Firstly your user must be authenticated as Firebase provide lots of platforms to make user authenticated with it. Example - Google, Facebook, Twitter etc. As user got authenticate by firebase console he/she get access to relevant database and storage. You can also make a user as a guest by using Firebase anonymous authentication.

By doing authentication every user gets a UID using which you can use to give access to them by writing rules if you want different rules for different users.

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}

By default you will get something like this in your database rules section :-

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

This simply means that if the user authenticated then only give them read and write access. Apply to all users.

By doing something like this, you are making your database accessible to everyone and also those people who are not using your product.

{
  "rules": {
    ".read": true,
    ".write": true
  }
}

You can do this for testing purpose of your product, but this is not a secure way.

Akshay Nandwana
  • 1,260
  • 11
  • 18