12

We can share a BigQuery dataset with a service account, we can add a service account as a member to a specific bucket by assigning to it a specific role....using graphic interface.

What about Firestore? Can we share a specific collection with a service account?? I couldn't find any such option in the web interface..

Remark: I don't have permission to grant global permissions to service account, but I have permission to add members to a resource and grant them roles over that specific resouce.

Thank you!

Soni Sol
  • 2,367
  • 3
  • 12
  • 23
Farah
  • 2,469
  • 5
  • 31
  • 52

1 Answers1

13

There is no way to assign permissions to service accounts at that level of granularity in Firestore using IAM for Firestore. A service account either has access to every document with the stated privilege, or nothing.

This runs in contrast with per-user access to Firestore via web and mobile clients authenticating with Firebase Authentication. In that case, it's possible to assign per-user permissions using security rules. It's worth nothing that accessing Firestore with a service account completely bypasses all rules established through Firebase.

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441