0

I have Users database in which I want each authenticated user to read and update his own data. I also want to set one admin user who can read and update all the users' data in the database.

I tried doing like this - How to only allow one admin user to write Firebase Database?

But it didn't quite work.

My database structure is:

- Users
   -key1
     -email: xyz
   -key2
     -email: abc

This is what I tried. Here I added admin user in firebase auth and his auth id is say - s94ZwBcP However, I dont have any key in the database for this user (as I dont need it).

"rules": {
     "users":{
       "$uid":{
         ".read" : "$uid == auth.uid || auth.uid === 's94ZwBcP'", 
         ".write": "$uid == auth.uid || auth.uid === 's94ZwBcP'"
      }
     }
Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
SUIIIII
  • 27
  • 1
  • 6
  • What doesn't work about these security rules? Can you edit your question to also include the [minimal code that reproduces that problem](http://stackoverflow.com/help/mcve)? – Frank van Puffelen Oct 14 '19 at 03:52
  • @FrankvanPuffelen I dont get back the keys, when I hit the database, although if I turn the rules to "true" for all, I get back they keys – SUIIIII Oct 15 '19 at 03:15
  • If some code that you run against these rules doesn't work, edit your question to include the [minimal code that reproduces that problem](http://stackoverflow.com/help/mcve). – Frank van Puffelen Oct 15 '19 at 03:26

1 Answers1

0

My guess is that you're trying to read from /users. Since there is no .read rule defined on /users, nobody can read that node.

To allow the admin to get (and modify) the list of all users, modify your rules to:

"rules": {
  "users":{
    ".read" : "auth.uid === 's94ZwBcP'", 
    ".write": "auth.uid === 's94ZwBcP'",
    "$uid":{
      ".read" : "$uid == auth.uid", 
      ".write": "$uid == auth.uid"
    }
  }
}
Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807