Change Realtime DB security rules from test to locked mode

Question

How to change Realtime Database rules from test mode to locked mode ?

I build my app using realtime database and started it in test mode now i want to apply security rules in it for every individual user. But i don't know know to do it. And I haven't find an answer yet regarding to this question yet.

Answer 1

Locked mode for Realtime Database consists of these security rules:

{
  "rules": {
    ".read": false,
    ".write": false
  }
}

That will allow non regular client-side SDK access to your data, and thus only allows administrative processes (such as those using the Admin SDK, or project collaborators with access to the Firebase console) to access the data.

---

If you want your regular users of the client-side application to retain access to the data in a secure way, you will have to implement security rules that control what data they can access and what they can do to that data. This is not a simple yes/no style toggle, but rather it's another part of your business logic - quite similar to what your application code is.

For more on this see:

• The guide on security rules in the Firebase documentation.
• The excellent example on content-owner only access in there.
• The specific documentation on security rules for the Realtime Database, including the excellent video in there.

And many of the previous questions on security rules, such as

• Firebase email saying my realtime database has insecure rules
• How do I lock down Firebase Database to any user from a specific (email) domain?
• Restricting Firebase read/write access to only myself