Firebase Realtime Database rules to allow a single user Write access

Question

My current Android Application makes use of the Firebase Realtime Database.

I am struggling with the security Rules as I wish to allow only a Single User to be able to Write data while allowing any authenticated user to read data.

I have set these rules but am unsure if they are secure enough...

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth.uid === 'xxxxxxxxxxxxxxxxxxxxxxx'"
  }
}

Where 'xxxxxxxxxxxxxxxxxxxxxxx' is the specified user I wish to allow to write data.

Is a users uid a constant value?

What does the "Authenticate" option manage when clicking on the Simulate button when testing out new rules?

score 5 · Accepted Answer · answered Feb 25 '20 at 14:41

Once a user's UID is generated, it will never change. So checking the UID in the security rules is indeed a common way to ensure only that specific user has a certain permission. I do this on almost every project when getting started for the initial (admin-type) users.

Firebase Realtime Database rules to allow a single user Write access

1 Answers1

Linked