I am trying to limit rules for my database from the iOS SDK. I want users to be able to read any collection. However, they should not be able to write to the collections specified below. But the users should be able to write to any other collection.
- So READ is always allowed
- Write is always allowed unless it's to any of the 5 collections listed below.
Currently, even with these rules, I can still write to the releases collection.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /Hello/{document} {
      allow read: if request.time < timestamp.date(2028, 10, 10);
      allow write: if false;
    }
    match /Random/{document} {
      allow read: if request.time < timestamp.date(2028, 10, 10);
      allow write: if false;
    }
    match /Scope/{document} {
      allow read: if request.time < timestamp.date(2028, 10, 10);
      allow write: if false;
    }
    match /type/{document} {
      allow read: if request.time < timestamp.date(2028, 10, 10);
      allow write: if false;
    }
    match /Alerts/{document} {
      allow read: if request.time < timestamp.date(2028, 10, 10);
      allow write: if false;
    }
    match /{document=**} {
      allow read, write: if request.time < timestamp.date(2028, 10, 10);
    }
  }
}
Asked Feb 16 at 2:07 by Ahmed Zaidan (edited Feb 16 at 2:34)
1 Answer
Firestore security rules will allow access to a document if any rule allows access to it. This rule allows all access for everyone prior to the given date:
    match /{document=**} {
      allow read, write: if request.time < timestamp.date(2028, 10, 10);
    }
See the documentation about overlapping match statements:
It's possible for a document to match more than one match statement. In the case where multiple allow expressions match a request, the access is allowed if any of the conditions is true.
If you don't want to allow all access to all documents like this, your rules must call out each collection to allow access with no wildcards at the root level. That means you'll have to remove the match on /{document=**} and replace it with the specific collections and documents where you want to allow access.
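The overlap described in this answer can be checked with a small model. This is an added example, not part of the original answer and not Firebase code: it is a simplified matcher that treats each allow condition as a boolean (assuming the date condition is true) and uses `releases`, the one writable collection the question names, in the corrected rule set.

```javascript
// Simplified model of Firestore rule matching (added example, not Firebase code).
// Each rule is a match path plus booleans standing in for its allow conditions.
// Assumption: request.time < timestamp.date(2028, 10, 10) evaluates to true.
const readOnly = (name) => ({ path: `/${name}/{document}`, read: true, write: false });
const protectedNames = ["Hello", "Random", "Scope", "type", "Alerts"];

// The rules from the question: five deny statements plus a root wildcard.
const askerRules = [
  ...protectedNames.map(readOnly),
  { path: "/{document=**}", read: true, write: true },
];

// Corrected per the answer: no root wildcard, every collection named explicitly.
const fixedRules = [
  ...protectedNames.map(readOnly),
  { path: "/releases/{document}", read: true, write: true },
];

const segments = (p) => p.split("/").filter(Boolean);

// {name} matches exactly one segment; {name=**} matches the rest of the path.
function matches(pattern, docPath) {
  const pat = segments(pattern);
  const doc = segments(docPath);
  for (let i = 0; i < pat.length; i++) {
    if (/^\{\w+=\*\*\}$/.test(pat[i])) return doc.length > i;
    if (i >= doc.length) return false;
    if (!/^\{\w+\}$/.test(pat[i]) && pat[i] !== doc[i]) return false;
  }
  return pat.length === doc.length;
}

// Access is granted if ANY matching statement allows the operation.
function isAllowed(rules, docPath, op) {
  return rules.some((r) => matches(r.path, docPath) && r[op]);
}

// Lint: deny statements that some other overlapping statement overrides.
function shadowedDenies(rules, op) {
  return rules
    .filter((r) => !r[op])
    .filter((r) => isAllowed(rules, r.path.replace(/\{\w+\}/g, "probeDoc"), op))
    .map((r) => r.path);
}

console.log("question rules, overridden denies:", shadowedDenies(askerRules, "write"));
console.log("corrected rules, overridden denies:", shadowedDenies(fixedRules, "write"));
```

Removing the root wildcard also removes read access to any collection that is not listed, so each collection that should stay readable needs its own match statement.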