Firebase rule to target all properties except one

Question

I am trying to write a firebase rule to target all properties except one at a given location. The data is stored as follows

users: {
  userId: {
    property1: some_string,
    property2: some_string,
    property3: some_string
  }
}

I want to create a read rule that always allows reading property1 and allow reading property2 and property3 only if the user is authenticated.

How can I go about writing such a rule?

I guess I can write a rule for each property separately but I wanted to know if there is an easier way to capture all except few use cases.

Answer 1

Firebase security rules cannot be used to filter data. Read operations always either fail or succeed. They never return only part of a node.

If you want to make some of the properties of user profiles publicly readable, while others are only readable to authenticated users, you should put the publicly readable properties into a separate top-level node.

For some more examples of this, see:

• How to create public/private user profile with Firebase security rules?
• Firebase: How to structure public/private user data
• Firebase security rules, setting a children not readable?
• Denormalizing data structures for private data access in Firebase?