How can I write a firebase rule to allow reading only part of a collection/document?

Question

I’m developing a website using firebase (firestore) that displays articles to role based users.

So the database holds a collection of articles

qlt0mPbTBt1rQcrx1HJR: {
    title: 'Article 1'
    description: 'Lorem ipsum, dolor sit amet consectetur adipisicing elit.'
    secretInfo: 'secret text for partners only...'
},
lrTk2ybMLiDuUw6pcwll: {
    title: 'Article 2'
    description: 'Lorem ipsum, dolor sit amet consectetur adipisicing elit.'
    secretInfo: 'secret text for partners only...'
}

part of the article fields are public (e.g. title / description) and should be viewed by all users and some other fields of that same article (e.g. secretInfo) are private and should only be viewed by specific users with privileged roles (partners/admins etc’…).

I know it’s possible to ‘allow read’ of collections/documents from firebase according to specific rules - as very well described in their docs

service cloud.firestore {
  match /databases/{database}/documents {
      // Only the authenticated user who authored the document can read or write
      allow read, write: if request.auth.uid == resource.data.author;
  }
}

https://firebase.google.com/docs/firestore/security/rules-query

But what I am seeking is a little different as I am trying to allow reading only PART the documents according to a firebase database rule.

I’m not a db developer and not sure if that is something usually done in databases.

Is that possible in any way? Am I approaching this wrongly?

would appreciate any help,

Thank you

Answer 1

Firestore security rules don't support limiting access on individual fields in a document. A user can either read the entire document, or not at all.

If you want a user to only have partial access to some article fields, you should make two collections, one with public information, and one with private information. Then protect the private collection with rules to limit access.