4

I'm trying to create a simple system that allows users to create an account with info that they provided. Right now, I store all the data in a Collection users which has some Documents that represents users.
I'd like to keep some sensitive data of the user, such as the email address and phone number, private. In Firebase Database I would've created something like this: 

  users: {
    uid: {
      public_info:...
      private_info:...
    }
  }

Protecting the data in here is pretty straight forward. I would simply write different rule sets for the private_info and public_info.
How would something like this be achieved in Firestore?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Bram Vanbilsen
  • 5,763
  • 12
  • 51
  • 84

2 Answers2

4

Use different top-level collections for user public and private data, and set their rules appropriately.

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
  • Is this really the only way? I thought Firestore would make it easier to nest data. – Bram Vanbilsen Jan 09 '18 at 23:21
  • 1
    Alternatively you could have a subcollection for each user that contains their private data. You grant public access to the top-level collection, and private access to the subcollections. But it seems a bit overboard to use a sub-collection on each user for that, and it's not possible to protect a subset of a document. – Frank van Puffelen Jan 09 '18 at 23:24
0

Depending on the use case you have two reasonably useful options:

Have a top level collection (public) with a sub collection called something like "private_data" (private) and grant access accordingly.

--OR--

Have a top level collection (private) with a sub collection called something like "public_data" (public) and grand access accordingly.

AspiringApollo
  • 43
  • 7