Firebase Security Rules: Public vs. Private Data

firebase firebase-security

Solution 1:

With respect to security rules, Firebase operations are all-or-nothing.

As a result, attempting to load all of the data at /signatures will fail because your client does not have permission to read all of the data at that location, though you do have permission to read some of the data there. Similarly, writing to a location behaves the same way, and full permission is required before your operation will continue.

To handle this use case, consider restructuring your data like this:

{
  "rules": {
    ".read": false,
    ".write": false, 
    "signatures-public": {
      ".read": true,
      "$signatureID": {
        // ... public data here
      }
    },
    "signatures-private": {
      "$signatureID": {
        // ... private data here
      }
    }
  }
}

Related

Visual Basic scripting dynamic array
How to auto increment by 2 for a particular table in mysql
Regular expression for password complexity
How to make a fully dynamic prepared statement using mysqli API?
Bot framework get the ServiceUrl of embedded chat control page
Change dialog button color
json format each object in a line
MSGbox in VBS that updates with value of variable
Using box-drawing Unicode characters in batch files
CMD doesn't run after ENTRYPOINT in Dockerfile
Borrow pointer errors recursively traversing tree [duplicate]
FirebaseMessaging.getInstance(firebaseApp) for secondary app supposed to be public but it's private?