
In my Firebase Storage I have a rule that allows access if

```
request.auth.token.email in firestore.get(/databases/(default)/documents/Groups/$(groupId)).data.owners
```

This rule works great in my dev-environment, but when I test in my test-environment

```
firestore.get(/databases/(default)/documents/Groups/$(groupId))
```

becomes null and I get "access denied".

In all the guides it says that you have to "Enable cross-service communication" and that the first time you save the rules using `firestore.get`, you should get a popup asking for "Provision cross-service rules".

The problem is that the first time I saved the rules with the `firestore.get`, I did not get the pop-up question. And nowhere I can find does it say how to attach that permission, it just says I should!

It's probably something so easy that I haven't found it, but please help!

I have read and tried:

Frank van Puffelen
Slim Sim
  • Firebaser here! It's possible to check if the permission is set up correctly. First, navigate to the [Cloud Console IAM page](https://console.cloud.google.com/iam-admin/iam) for your project. Check the checkbox titled "Include Google-provided role grants." Look for a service account ending in `@gcp-sa-firebasestorage.iam.gserviceaccount.com`. This service account should have `Firebase Rules Firestore Service Agent` listed under the "Role" column. – Sam Olsen Mar 31 '23 at 16:18
  • Thank you so much @SamOlsen! It worked, can't understand why I did not get the popup the first time... You should have made a regular answer so I could mark it as correct! But thanks anyway! – Slim Sim Apr 01 '23 at 18:22
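
The check from Sam Olsen's comment, scripted so the dev and test projects can be compared; this is an added example, not part of the thread. It assumes `roles/firebaserules.firestoreServiceAgent` is the role ID behind the display name in the comment and reads policy JSON as exported by `gcloud projects get-iam-policy PROJECT_ID --format=json`; both sample policies are constructed.

```python
import json

# Assumption: role ID behind the display name "Firebase Rules Firestore Service Agent".
ROLE = "roles/firebaserules.firestoreServiceAgent"
AGENT_SUFFIX = "@gcp-sa-firebasestorage.iam.gserviceaccount.com"


def check_cross_service(policy: dict) -> str:
    """Classify a project IAM policy: 'ok', 'agent-without-role' or 'agent-missing'."""
    agents, granted = set(), set()
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            # Ignore users, groups and "deleted:serviceAccount:..." leftovers.
            if not member.startswith("serviceAccount:"):
                continue
            email = member.split(":", 1)[1]
            if email.endswith(AGENT_SUFFIX):
                agents.add(email)
                if binding.get("role") == ROLE:
                    granted.add(email)
    if granted:
        return "ok"                   # Storage rules can call firestore.get()
    if agents:
        return "agent-without-role"   # service agent exists, grant was never provisioned
    return "agent-missing"            # no Storage service agent in the policy at all


# Constructed sample policies (project numbers and members are made up).
DEV_POLICY = json.loads("""{"bindings": [
  {"role": "roles/firebaserules.firestoreServiceAgent", "members": [
    "serviceAccount:service-111111111111@gcp-sa-firebasestorage.iam.gserviceaccount.com"]},
  {"role": "roles/owner", "members": ["user:dev@example.com"]}]}""")
TEST_POLICY = json.loads("""{"bindings": [
  {"role": "roles/firebasestorage.serviceAgent", "members": [
    "serviceAccount:service-222222222222@gcp-sa-firebasestorage.iam.gserviceaccount.com"]},
  {"role": "roles/owner", "members": ["user:dev@example.com"]}]}""")

if __name__ == "__main__":
    for name, policy in (("dev", DEV_POLICY), ("test", TEST_POLICY)):
        print(f"{name}: {check_cross_service(policy)}")
```

A result other than `ok` for the test project matches the symptom in the question: `firestore.get(...)` evaluates to null inside the Storage rule and the request is denied.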

0 Answers