Quick Tip: Firebase Security Rules

Quick Tip: Firebase Security Rules

Firebase Realtime Database security rules are how you secure your data from unauthorised users and protect your data structure.

In this quick tip tutorial, I will explain how to configure your database security rules properly so that only authorised users have read or write access to data. I’ll also show you how to structure your data to make it easy to secure.

The Problem

Let’s assume we have JSON data in our Firebase database, as in the example below:



  "users" : {

    "user1" : {

      "firstName" : "Chike",

      "lastName" : "Mgbemena",

      "age": "89"

      "phoneNumber" : "07012345678"


    "user2" : {

      "firstName" : "Godswill",

      "lastName" : "Okwara",

      "age": "12"

      "phoneNumber" : "0701234"


    "user3" : {

      "firstName" : "Onu",

      "lastName" : 543,

      "age": 90

      "phoneNumber" : "07012345678"





Looking at the database, you can see that there are some issues with our data:

  1. Two users (user1 and user3) have the same phone numbers. We’d like these to be unique.
  2. user3 has a number for last name, instead of a string.
  3. user2 has only seven digits in their phone number, instead of 11.
  4. The age value for user1 and user2 is a string, while that of user3 is a number.

With all these flaws highlighted in our data, we have lost data integrity. In the following steps, I will show you how to prevent these from occurring.

Continue to read the full tutorial at Tuts+